Running daemon with offline mode

  • Suricata version 7.0.5
  • Debian 12

Is it not possible to run Suricata offline mode as a daemon?

I tried running this command, but I get this error: pcap offline mode can not run as daemon.
If so, why is that? I would like to have an instance running live and another one running offline.

sudo suricata -D -c /etc/suricata/suricata.yaml --pcap-file-delete --pcap-file-continuous -r /home/rafael/pcaps --runmode=autofp

You don’t need the daemon mode for the use case; you can run it with --unix-socket, as described in 22. Interacting via Unix Socket — Suricata 8.0.0-dev documentation, and feed it with the pcaps.

But if I have to use a socket, I will have to install suricatasc on the computers of my team, when I could just open a Samba share and drop files in there. I think these are “Different use cases”.
Unless I understood this wrong.

I feel like using a socket is much more work and harder than just using a simple share and dropping files in there :sweat_smile:
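
The socket approach from the reply above combined with the share-drop workflow, as an added example that is not part of the original thread: a watcher on the Suricata host moves finished pcaps out of the share and queues them with `suricatasc`, so team machines need no client. It assumes Suricata was started with `--unix-socket`; the directory paths and the `MIN_AGE` setting are hypothetical.

```shell
#!/bin/sh
# Added example: hand pcaps dropped into a share to a Suricata instance
# running with --unix-socket. Only this host needs suricatasc.
# Hypothetical paths and settings; adjust to your setup.
DROP_DIR="${DROP_DIR:-/srv/pcap-drop}"      # directory exported via Samba
QUEUE_DIR="${QUEUE_DIR:-/srv/pcap-queued}"  # files handed to Suricata
LOG_ROOT="${LOG_ROOT:-/var/log/suricata/offline}"
MIN_AGE="${MIN_AGE:-30}"                    # seconds without modification

# True when the file has not changed for MIN_AGE seconds, i.e. the copy
# over the share has most likely finished. Uses stat -c (GNU/busybox).
is_settled() {
    now=$(date +%s)
    mtime=$(stat -c %Y "$1") || return 1
    [ $((now - mtime)) -ge "$MIN_AGE" ]
}

# Move each settled *.pcap out of the share and queue it on the socket.
# Prints the number of files submitted.
submit_ready_pcaps() {
    count=0
    mkdir -p "$QUEUE_DIR" "$LOG_ROOT"
    for f in "$DROP_DIR"/*.pcap; do
        [ -f "$f" ] || continue            # glob matched nothing
        is_settled "$f" || continue        # still being written
        # File names come from share users: reduce them to a safe set,
        # because suricatasc splits the command string on spaces.
        name=$(printf '%s' "$(basename "$f" .pcap)" | tr -c 'A-Za-z0-9._-' '_')
        queued="$QUEUE_DIR/$name.$(date +%s).pcap"
        out="$LOG_ROOT/$name"
        mv "$f" "$queued" || continue
        mkdir -p "$out"
        # pcap-file <file> <output-dir> queues one capture for processing.
        if suricatasc -c "pcap-file $queued $out" >/dev/null; then
            count=$((count + 1))
        else
            mv "$queued" "$f"              # put it back for the next pass
        fi
    done
    echo "$count"
}

# Poll loop, only when invoked as: script --run
if [ "${1:-}" = "--run" ]; then
    while :; do submit_ready_pcaps >/dev/null; sleep 10; done
fi
```

Suricata processes queued files asynchronously, so the watcher leaves them in `QUEUE_DIR` instead of deleting them after submission.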