Irregular Expressions

Feb 23 2010   12:44AM GMT

Installing Suricata on FreeBSD – Part 3



Posted by: Dan O'Connor
Tags:
suricata freebsd
suricata install
suricata install freebsd

Now that Suricata will start, it's time to create an rc script to control the service.

(Let's put it somewhere nice.)

vi /usr/local/etc/rc.d/suricata

#!/bin/sh
#
# By Dan OConnor
# PROVIDE: suricata
# REQUIRE: NETWORKING
# KEYWORD: shutdown
#
# Start after the network is up (the sensor binds to an interface) and
# stop cleanly when the system shuts down.

. /etc/rc.subr

name="suricata"
rcvar=${name}_enable

load_rc_config $name
: ${suricata_enable="NO"}

start_cmd=${name}_start
stop_cmd=${name}_stop
suricata_bin="/usr/local/bin/suricata"

# suricata_conf and suricata_int are set in /etc/rc.conf (see below).
suricata_start() {
        ${suricata_bin} -D -c "${suricata_conf}" -i "${suricata_int}"
}

suricata_stop() {
        killall -INT suricata
}

run_rc_command "$1"

chmod +x /usr/local/etc/rc.d/suricata

You can get fancy with the rc script if you want, but this basic one will let you start, stop and restart the service as needed.

Add the needed lines to /etc/rc.conf so we can start the service and pass our variables in.

vi /etc/rc.conf
suricata_enable="YES"
suricata_int="em0"
suricata_conf="/usr/local/etc/suricata.yaml"

And give it a test run.

test# /usr/local/etc/rc.d/suricata start
Warning: Invalid global_log_level assigned by user.  Falling back on the default_log_level "Info"
Warning: Invalid global_log_format supplied by user or format length exceeded limit of "128" characters.  Falling back on default log_format "[%i] %t - (%f:%l)  (%n) -- "
Warning: Output_interface not supplied by user.  Falling back on default_output_interface "Console"
[100121] 23/2/2010 -- 05:52:14 - (suricata.c:567)  (main) -- This is Suricata version 0.8.1
[100121] 23/2/2010 -- 05:52:14 - (util-cpu.c:150)  (UtilCpuPrintSummary) -- CPUs Summary: 
[100121] 23/2/2010 -- 05:52:14 - (util-cpu.c:152)  (UtilCpuPrintSummary) -- CPUs online: 1
[100121] 23/2/2010 -- 05:52:14 - (util-cpu.c:154)  (UtilCpuPrintSummary) -- CPUs configured 1
[100121] 23/2/2010 -- 05:52:14 - (output.c:42)  (OutputRegisterModule) -- Output module "AlertFastLog" registered.
[100121] 23/2/2010 -- 05:52:14 - (output.c:42)  (OutputRegisterModule) -- Output module "AlertDebugLog" registered.
[100121] 23/2/2010 -- 05:52:14 - (output.c:42)  (OutputRegisterModule) -- Output module "AlertUnifiedLog" registered.
[100121] 23/2/2010 -- 05:52:14 - (output.c:42)  (OutputRegisterModule) -- Output module "AlertUnifiedAlert" registered.
[100121] 23/2/2010 -- 05:52:14 - (output.c:42)  (OutputRegisterModule) -- Output module "Unified2Alert" registered.
[100121] 23/2/2010 -- 05:52:14 - (output.c:42)  (OutputRegisterModule) -- Output module "LogHttpLog" registered.

test# /usr/local/etc/rc.d/suricata stop

It still needs to be cleaned up a bit, but we can now start and stop it.
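Two things a practitioner would tighten in the script above: killall -INT takes down every process named suricata, not just the one this script started, and suricata_start never checks that the rc.conf values point at anything real. The following replacement start/stop functions are an added example of my own, not code from the original post or from the Suricata project; they assume your Suricata build accepts --pidfile (current releases do) and that /var/run/suricata.pid is a usable pidfile path.

```shell
# Added example: drop these in after load_rc_config in
# /usr/local/etc/rc.d/suricata, replacing suricata_start/suricata_stop.
# suricata_pidfile and the --pidfile flag are assumptions about your build.
suricata_bin="${suricata_bin:-/usr/local/bin/suricata}"
suricata_pidfile="${suricata_pidfile:-/var/run/suricata.pid}"

# Refuse to start unless rc.conf points at a readable config and names an
# interface; otherwise a typo silently daemonizes a sensor that sees nothing.
suricata_precmd() {
    if [ -z "$suricata_conf" ] || [ ! -r "$suricata_conf" ]; then
        echo "suricata: config '$suricata_conf' missing or unreadable" >&2
        return 1
    fi
    if [ -z "$suricata_int" ]; then
        echo "suricata: suricata_int is not set in /etc/rc.conf" >&2
        return 1
    fi
}

suricata_start() {
    suricata_precmd || return 1
    "$suricata_bin" -D --pidfile "$suricata_pidfile" \
        -c "$suricata_conf" -i "$suricata_int"
}

# Signal only the PID recorded in the pidfile (killall would hit every
# process called suricata), then wait up to 30s for a clean shutdown.
suricata_stop() {
    if [ ! -r "$suricata_pidfile" ]; then
        echo "suricata: not running (no $suricata_pidfile)" >&2
        return 1
    fi
    pid=$(cat "$suricata_pidfile")
    case "$pid" in
        ''|*[!0-9]*) echo "suricata: corrupt pidfile" >&2; return 1 ;;
    esac
    if ! kill -INT "$pid" 2>/dev/null; then
        echo "suricata: stale pidfile, pid $pid not running" >&2
        rm -f "$suricata_pidfile"
        return 1
    fi
    n=0
    while kill -0 "$pid" 2>/dev/null && [ "$n" -lt 30 ]; do
        sleep 1; n=$((n + 1))
    done
    rm -f "$suricata_pidfile"
    ! kill -0 "$pid" 2>/dev/null
}
```

FreeBSD's rc.subr can do the pidfile bookkeeping itself: set command=, command_args= and pidfile= instead of custom start/stop functions and the default start and stop use check_pidfile for you.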
