suricata-update(1)

tool to update Suricata sources

Description

SURICATA-UPDATE

NAME

suricata-update - tool to update Suricata sources

DESCRIPTION

usage: suricata-update update [-h] [-v] [-q] [-D <directory>] [-c <filename>]
                              [--suricata-conf <filename>] [--suricata <path>]
                              [--suricata-version <version>]
                              [--user-agent <user-agent>]
                              [--no-check-certificate] [-V] [-o <directory>]
                              [-f] [--yaml-fragment <filename>] [--url <url>]
                              [--local <path>] [--sid-msg-map <filename>]
                              [--sid-msg-map-2 <filename>]
                              [--disable-conf <filename>]
                              [--enable-conf <filename>]
                              [--modify-conf <filename>]
                              [--drop-conf <filename>] [--ignore <pattern>]
                              [--no-ignore] [--threshold-in <filename>]
                              [--threshold-out <filename>]
                              [--dump-sample-configs] [--etopen]
                              [--reload-command <command>] [--no-reload]
                              [-T <command>] [--no-test] [--no-merge]
                              [--offline] [--fail]

options:

-h, --help

show this help message and exit

-v, --verbose

Be more verbose

-q, --quiet

Be quiet, warning and error messages only

-D <directory>, --data-dir <directory>

Data directory (default: /var/lib/suricata)

-c <filename>, --config <filename>

suricata-update configuration file (default: /etc/suricata/update.yaml)

--suricata-conf <filename>

Suricata configuration file (default: /etc/suricata/suricata.yaml)

--suricata <path>

Path to Suricata program

--suricata-version <version>

Override Suricata version

--user-agent <user-agent>

Set custom user-agent string

--no-check-certificate

Disable server SSL/TLS certificate verification

-V, --version

Display version

-o <directory>, --output <directory>

Directory to write rules to

-f, --force

Force operations that might otherwise be skipped

--yaml-fragment <filename>

Output YAML fragment for rule inclusion

--url <url>

URL to use instead of auto-generating one (can be specified multiple times)

--local <path>

Local rule files or directories (can be specified multiple times)

--sid-msg-map <filename>

Generate a sid-msg.map file

--sid-msg-map-2 <filename>

Generate a v2 sid-msg.map file

--disable-conf <filename>

Filename of rule disable filters

--enable-conf <filename>

Filename of rule enable filters

--modify-conf <filename>

Filename of rule modification filters

--drop-conf <filename>

Filename of drop rule filters

--ignore <pattern>

Filenames to ignore (can be specified multiple times; default: *deleted.rules)

--no-ignore

Disables the ignore option.

--threshold-in <filename>

Filename of rule thresholding configuration

--threshold-out <filename>

Output of processed threshold configuration

--dump-sample-configs

Dump sample config files to current directory

--etopen

Use ET-Open rules (default)

--reload-command <command>

Command to run after update if modified

--no-reload

Disable reload

-T <command>, --test-command <command>

Command to test Suricata configuration

--no-test

Disable testing rules with Suricata

--no-merge

Do not merge the rules into a single file

--offline

Run offline using most recent cached rules

--fail

Strictly fail and exit in case of an error

other commands:

update-sources

Update the source index

list-sources

List available sources

enable-source

Enable a source from the index

disable-source

Disable an enabled source

remove-source

Remove an enabled or disabled source

add-source

Add a new source by URL

check-versions

Check version of suricata-update
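
EXAMPLE

The following shell function is an added example, not part of suricata-update or its original manual page. It audits a suricata-update command line (for instance one taken from a cron job) for the options listed above that weaken the rule-update pipeline. The function names, severity labels and sample URL are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a suricata-update command line for risky options.
# Option meanings come from the option list above; the severity labels
# (HIGH/MEDIUM/LOW/INFO) are this example's own convention.

# report MESSAGE: print one finding and remember whether it was HIGH.
report() {
    printf '%s\n' "$1"
    case $1 in HIGH:*) high=1 ;; esac
}

# audit_update_args ARGS...: print findings, return 1 if any is HIGH.
audit_update_args() {
    high=0 have_fail=0
    while [ $# -gt 0 ]; do
        case $1 in
            --no-check-certificate)
                report "HIGH: --no-check-certificate disables server TLS certificate verification" ;;
            --no-test)
                report "MEDIUM: --no-test disables testing rules with Suricata" ;;
            --no-reload)
                report "INFO: --no-reload disables the reload after update" ;;
            --offline)
                report "INFO: --offline uses the most recent cached rules" ;;
            --fail)
                have_fail=1 ;;
            --url)
                # The URL is the next argument; flag unencrypted fetches.
                shift
                case ${1:-} in
                    http://*) report "HIGH: --url $1 fetches rules over plain HTTP" ;;
                esac ;;
            --url=http://*)
                report "HIGH: $1 fetches rules over plain HTTP" ;;
        esac
        [ $# -gt 0 ] && shift
    done
    [ "$have_fail" -eq 1 ] ||
        report "LOW: --fail not set (strictly fail and exit in case of an error)"
    return "$high"
}

# Constructed sample command line (the URL is a placeholder, not a real source).
audit_update_args --no-check-certificate \
    --url http://rules.example.invalid/local.rules --no-test || true
```

A non-zero return status means at least one HIGH finding, so the function can gate a deployment script or configuration review.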