Hi
I am starting suricata
using
suricata -c /etc/suricata/suricata.yaml -i eth0 &
so that it don’t occupy terminal and runs in background
How to stop it now gracefully , instead of killing process by using kill PID
also if I started it with napatech which will create multiple stream , how to stop them all
I generally use ctrl+c to stop it from terminal.
Thanks
Suricata will stop gracefully after receiving SIGTERM, kill -15 $(pidof suricata)
Hi @Jeff_Lucovsky like manually I can get PID by seeing processes running.
Q1} But what if I want to write a script to start and stop suricata , how will i get PID automatically
Q2} Like Napatech create multiple streams / processes how will kill them by finding individual PID
You can use one of the following to retrieve the process id (pid) of Suricata
pidfile by starting Suricata in “daemon mode” (with -D) or using the command line option --pidfile
pidof suricata will return Suricata’s process identifier.When shutting down gracefully, all of the Napatech streams created by Suricata will be closed. Are you referring to these streams or the one that the ntservice process creates?
I am referring to napatech stream created by suricata , as mentioned in suricata.yaml Napatech section
Those will be closed
if you have unix socket enabled, you can use this command in the CLI -
suricatasc -c shutdown
You can look for an OK result if you want to ensure that it worked.