Question 1: How do I dynamically update the rules in Suricata? I want to manage the rules centrally through Java, which involves adding, deleting and modifying them. How do I synchronize those operations in Java to Suricata's rule base?
Problem 2: How do I dynamically switch Suricata on and off, and dynamically control Suricata's traffic acquisition from Java?
I hope you have some answers. Thank you.
Suricata can reload a ruleset (e.g., with updated ruleset file(s)). This is documented here.
Could you clarify your second statement?
Thank you for your prompt reply. Regarding the rule overloading you mentioned, could you please clarify whether it is implemented via Java calling the CentOS command line? Additionally, could you confirm if the Suricata traffic monitoring switch is controlled through an API?
If suricatasc is available on your system, you could call that from the command line.
Some, but not all, functions of suricata can be controlled with suricatasc – you’ll have to check the documentation to see if your use case is supported.
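As an added illustration of the approach suggested above (this is example code, not from the forum post or the Suricata project), the following Java class rewrites a rule file and then asks the running Suricata to reload it by invoking `suricatasc -c ruleset-reload-rules` through `ProcessBuilder`. It assumes `suricatasc` is on the PATH and can reach the unix socket, and that the rule file path passed in (the `/var/lib/suricata/rules/managed.rules` value in `main` is a placeholder) is one already listed under `rule-files` in suricata.yaml, since a reload only re-reads files Suricata is configured to load. Rule text coming from the Java side is treated as untrusted: it is written to a file, never passed through a shell.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.util.List;
import java.util.concurrent.TimeUnit;

public class SuricataRuleManager {
    // Rule file managed by this application; must be listed under rule-files in suricata.yaml (assumption).
    private final Path rulesFile;

    public SuricataRuleManager(Path rulesFile) {
        this.rulesFile = rulesFile;
    }

    // Replace the whole managed rule set, then trigger a live reload.
    // Writing to a temp file and renaming keeps Suricata from ever reading a half-written file.
    public String replaceRules(List<String> rules) throws IOException, InterruptedException {
        for (String rule : rules) {
            // A rule line containing a newline could smuggle in a second rule; reject it.
            if (rule.contains("\n") || rule.contains("\r")) {
                throw new IllegalArgumentException("rule must be a single line: " + rule);
            }
        }
        Path tmp = rulesFile.resolveSibling(rulesFile.getFileName() + ".tmp");
        Files.write(tmp, rules, StandardCharsets.UTF_8);
        // On Linux ATOMIC_MOVE maps to rename(2), which replaces the target atomically.
        Files.move(tmp, rulesFile, StandardCopyOption.ATOMIC_MOVE);
        return suricatasc("ruleset-reload-rules");
    }

    // Run `suricatasc -c <command>` and return its output, e.g. {"message": "done", "return": "OK"}.
    // Arguments are passed as a separate argv list, so no shell is involved and no quoting issues arise.
    static String suricatasc(String command) throws IOException, InterruptedException {
        ProcessBuilder pb = new ProcessBuilder("suricatasc", "-c", command);
        pb.redirectErrorStream(true);
        Process p = pb.start();
        StringBuilder out = new StringBuilder();
        try (BufferedReader r = new BufferedReader(
                new InputStreamReader(p.getInputStream(), StandardCharsets.UTF_8))) {
            String line;
            while ((line = r.readLine()) != null) {
                out.append(line).append('\n');
            }
        }
        if (!p.waitFor(30, TimeUnit.SECONDS)) {
            p.destroyForcibly();
            throw new IOException("suricatasc timed out running: " + command);
        }
        if (p.exitValue() != 0) {
            throw new IOException("suricatasc exited " + p.exitValue() + ": " + out);
        }
        String result = out.toString().trim();
        // suricatasc reports failures as "return": "NOK"; surface that rather than silently continuing.
        if (!result.contains("\"return\": \"OK\"")) {
            throw new IOException("suricatasc reported failure: " + result);
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder path and constructed sample rule; adjust to your suricata.yaml.
        SuricataRuleManager mgr = new SuricataRuleManager(Path.of("/var/lib/suricata/rules/managed.rules"));
        List<String> rules = List.of(
            "alert tcp any any -> any 80 (msg:\"managed rule example\"; sid:9000001; rev:1;)"
        );
        System.out.println(mgr.replaceRules(rules));
        System.out.println(suricatasc("uptime"));
    }
}
```

Adding or deleting a single rule is then a matter of keeping the authoritative list (for example in a database) on the Java side and calling `replaceRules` with the full current set after each change. For the second question in the thread, `suricatasc` can stop a running instance with the `shutdown` command, but it cannot start one; starting Suricata again means launching the `suricata` process itself (for instance with another `ProcessBuilder`), so check the suricatasc documentation for what the socket actually exposes before designing the on/off control around it.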
Hi, bro.
Suricata operates normally, the unix socket can also be used normally, and suricata.log is output, but eve.json is not output.
Post your suricata.yaml and the run command you used and the suricata.log.
Here is my configuration and log.
suricata.log (1.2 KB)
suricata.yaml (85.1 KB)
And the run command?
What is the output of ls -lisah /usr/local/suricata/log?