Suricata 7.0.10 cannot enable the unix-socket configuration

suricata.log (1.9 KB)
suricata.yaml (85.1 KB)
Here are my relevant configurations. Suricata does not output the log information of unix-command.

Test: echo '{"command": "help"}' | nc -U /run/suricata/suricata-command.socket
Suricata log output: Info: unix-manager: error: version is not a string



The socket requires a version command to be sent first, in the same session as your help command. You can do this by running nc interactively:

$ nc -U /var/run/suricata/suricata-command.socket

Then you type:

{"version": "0.2"}

and you should see a response,
then send your help command:

{"command": "help"}

Thank you, bro, Jason Ish.
I’ve succeeded after trying it your way. But could you please tell me why the version operation needs to be sent first and any other precautions?

Hello, bro Jason Ish.
Can this instruction be used multiple times? For example, can I send {"version": "0.2"} each time I execute a different command?

I found that after enabling the unix-socket, the logs are no longer output to eve.json. How can I make the logs output to eve.json at the same time?