Documentation
Index
- type Config
- type Engine
- func (e *Engine) AddRule(rule string)
- func (e *Engine) ClearRules()
- func (e *Engine) EveLines() <-chan eve.Event
- func (e *Engine) EveOutput() <-chan []byte
- func (e *Engine) ListRules() []string
- func (e *Engine) Reload() error
- func (e *Engine) RemoveRule(idx int) error
- func (e *Engine) SetSuricataPath(path string)
- func (e *Engine) Start() error
- func (e *Engine) Stop() error
- func (e *Engine) Writer() io.Writer
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Config
type Config struct {
	SuricataPath  string   // Path to the Suricata binary (default is "suricata")
	CaptureOutput bool     // Whether to capture output from Suricata
	Args          []string // Additional command line arguments for Suricata
}
Config holds the configuration for the Suricata engine.
type Engine
type Engine struct {
	Config
	// contains filtered or unexported fields
}
Engine represents a Suricata engine instance that can be started and stopped. It manages the Suricata process, its rule set, and the temporary input and output files, and provides methods to start and stop Suricata, add and remove rules, and read EVE JSON output. It also exposes a PCAP writer for sending packets to Suricata.
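The PCAP writer is the Engine's input side: whatever is written to it is what Suricata inspects. The following is an added example, not code from this package, and it assumes that a writer described as "PCAP" consumes a libpcap byte stream (24-byte global header followed by a 16-byte record header per frame). It builds a constructed Ethernet/IPv4/UDP frame with a valid IPv4 header checksum, so Suricata's decoder has no reason to flag it, and encodes it as a pcap stream into a bytes.Buffer that stands in for Engine.Writer(). MAC addresses, IPs, ports and timestamps are made up.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"io"
	"time"
)

// pcapGlobalHeader is the 24-byte libpcap file header. Magic 0xa1b2c3d4 written
// little-endian means little-endian fields with microsecond timestamps; LinkType 1 is Ethernet.
type pcapGlobalHeader struct {
	Magic    uint32
	Major    uint16
	Minor    uint16
	ThisZone int32
	SigFigs  uint32
	SnapLen  uint32
	LinkType uint32
}

// pcapRecordHeader is the 16-byte header that precedes every captured frame.
type pcapRecordHeader struct {
	Sec, Usec, InclLen, OrigLen uint32
}

// WritePcapStream writes a complete pcap byte stream (global header, then one record
// per frame) to w, stamping frames one second apart starting at base. w can be any
// io.Writer, e.g. the value returned by Engine.Writer() (assumed to take pcap bytes).
func WritePcapStream(w io.Writer, base time.Time, frames [][]byte) error {
	hdr := pcapGlobalHeader{Magic: 0xa1b2c3d4, Major: 2, Minor: 4, SnapLen: 65535, LinkType: 1}
	if err := binary.Write(w, binary.LittleEndian, hdr); err != nil {
		return err
	}
	for i, f := range frames {
		ts := base.Add(time.Duration(i) * time.Second)
		rec := pcapRecordHeader{uint32(ts.Unix()), uint32(ts.Nanosecond() / 1000), uint32(len(f)), uint32(len(f))}
		if err := binary.Write(w, binary.LittleEndian, rec); err != nil {
			return err
		}
		if _, err := w.Write(f); err != nil {
			return err
		}
	}
	return nil
}

// ipv4Checksum returns the RFC 791 one's-complement checksum of an IPv4 header
// (always a multiple of 4 bytes). Run over a header whose checksum field is already
// filled in, it returns 0, which is how a receiver verifies it.
func ipv4Checksum(hdr []byte) uint16 {
	var sum uint32
	for i := 0; i+1 < len(hdr); i += 2 {
		sum += uint32(binary.BigEndian.Uint16(hdr[i:]))
	}
	for sum>>16 != 0 {
		sum = sum&0xffff + sum>>16
	}
	return ^uint16(sum)
}

// buildUDPFrame assembles an Ethernet II / IPv4 / UDP frame carrying payload. The UDP
// checksum is left at zero, which IPv4 permits ("no checksum"); MAC addresses are made up.
func buildUDPFrame(src, dst [4]byte, sport, dport uint16, payload []byte) []byte {
	eth := []byte{0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0x08, 0x00}

	udp := make([]byte, 8+len(payload))
	binary.BigEndian.PutUint16(udp[0:], sport)
	binary.BigEndian.PutUint16(udp[2:], dport)
	binary.BigEndian.PutUint16(udp[4:], uint16(len(udp)))
	copy(udp[8:], payload) // udp[6:8] stays 0: no UDP checksum

	ip := make([]byte, 20)
	ip[0] = 0x45 // version 4, header length 5*4 bytes
	binary.BigEndian.PutUint16(ip[2:], uint16(20+len(udp)))
	binary.BigEndian.PutUint16(ip[4:], 1) // identification
	ip[6] = 0x40                          // flags: don't fragment
	ip[8] = 64                            // TTL
	ip[9] = 17                            // protocol: UDP
	copy(ip[12:], src[:])
	copy(ip[16:], dst[:])
	binary.BigEndian.PutUint16(ip[10:], ipv4Checksum(ip))

	return append(append(eth, ip...), udp...)
}

func main() {
	// Constructed sample traffic, not a real capture: one UDP datagram to port 53.
	frame := buildUDPFrame([4]byte{10, 0, 0, 5}, [4]byte{10, 0, 0, 9}, 40000, 53, []byte("hello"))
	var buf bytes.Buffer // stands in for engine.Writer()
	if err := WritePcapStream(&buf, time.Unix(1700000000, 0), [][]byte{frame}); err != nil {
		panic(err)
	}
	fmt.Printf("pcap stream: %d bytes for a %d-byte frame\n", buf.Len(), len(frame))
}
```

The snaplen of 65535 is deliberate: a record whose InclLen exceeds the declared snaplen is rejected by strict readers, so it is set to the maximum rather than to the size of the one frame being written.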
func NewEngine
NewEngine creates a new Suricata engine instance with the given configuration and rules.
You should call Start() to start the Suricata process.
func (*Engine) AddRule
func (e *Engine) AddRule(rule string)
AddRule adds a new rule to the Suricata engine. The rule is not applied to the running process until Reload() is called.
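AddRule takes the rule as an opaque string and Reload writes the current rule set to a file, so anything the caller passes in ends up in Suricata's rule file verbatim. The following is an added example, not part of this package: a pre-flight check for rules that originate outside the program (a config file, an API call) before they are handed to AddRule. It assumes, from the Reload description, that rules are stored one per line, which is why a string containing a line break is rejected outright rather than being loaded as two rules. The ruleAdder interface matches AddRule's signature, so a *Engine can be passed where the recorder is used here; the sample rules are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// ruleActions are the actions a Suricata rule may begin with.
var ruleActions = map[string]bool{
	"alert": true, "pass": true, "drop": true, "reject": true,
	"rejectsrc": true, "rejectdst": true, "rejectboth": true,
}

// sidRe finds the sid option inside the parenthesised option block.
var sidRe = regexp.MustCompile(`(?:^|;)\s*sid\s*:\s*(\d+)\s*;`)

// ValidateRule checks one rule before it reaches Engine.AddRule and returns its sid.
// Rules are assumed to be stored one per line (see Reload), so a string carrying a
// line break would be loaded as two rules; that is rejected first. It then requires a
// known action, the seven-field header, a parenthesised option block and a numeric sid.
func ValidateRule(rule string) (uint64, error) {
	rule = strings.TrimSpace(rule)
	if strings.ContainsAny(rule, "\r\n") {
		return 0, errors.New("rule contains a line break")
	}
	fields := strings.Fields(rule)
	if len(fields) < 8 || !ruleActions[fields[0]] {
		return 0, errors.New("rule must start with an action followed by a seven-field header")
	}
	if fields[4] != "->" && fields[4] != "<>" {
		return 0, fmt.Errorf("bad direction %q", fields[4])
	}
	if !strings.HasPrefix(fields[7], "(") || !strings.HasSuffix(rule, ")") {
		return 0, errors.New("options must be enclosed in parentheses")
	}
	m := sidRe.FindStringSubmatch(rule[strings.Index(rule, "(")+1:])
	if m == nil {
		return 0, errors.New("rule has no sid")
	}
	var sid uint64
	if _, err := fmt.Sscanf(m[1], "%d", &sid); err != nil {
		return 0, err
	}
	return sid, nil
}

// ruleAdder is the subset of *Engine this loader needs; *Engine satisfies it.
type ruleAdder interface{ AddRule(rule string) }

// LoadRules validates each rule, drops duplicate sids, and hands the survivors to
// e.AddRule. It returns the accepted sids in order and the reason each rejected rule
// was dropped. Reload() must still be called afterwards to apply them.
func LoadRules(e ruleAdder, rules []string) (added []uint64, rejected map[string]error) {
	rejected = map[string]error{}
	seen := map[uint64]bool{}
	for _, r := range rules {
		sid, err := ValidateRule(r)
		if err == nil && seen[sid] {
			err = fmt.Errorf("duplicate sid %d", sid)
		}
		if err != nil {
			rejected[r] = err
			continue
		}
		seen[sid] = true
		added = append(added, sid)
		e.AddRule(r)
	}
	return added, rejected
}

// recorder stands in for *Engine so the example runs without Suricata.
type recorder struct{ rules []string }

func (r *recorder) AddRule(rule string) { r.rules = append(r.rules, rule) }

// sampleRules are constructed inputs: two good rules, then one with a second rule
// smuggled in after a line break, one without a sid, and one reusing an existing sid.
var sampleRules = []string{
	`alert http any any -> any any (msg:"TEST HTTP GET"; http.method; content:"GET"; sid:1000001; rev:1;)`,
	`alert dns any any -> any any (msg:"TEST DNS query"; dns.query; content:"example.test"; sid:1000002; rev:1;)`,
	"alert tcp any any -> any 22 (msg:\"x\"; sid:1000003;)\nalert ip any any -> any any (msg:\"smuggled\"; sid:1000004;)",
	`alert tcp any any -> any 23 (msg:"no sid here";)`,
	`alert udp any any -> any 53 (msg:"dup"; sid:1000001; rev:2;)`,
}

func main() {
	eng := &recorder{} // replace with the *Engine returned by NewEngine
	added, rejected := LoadRules(eng, sampleRules)
	fmt.Println("added sids:", added)
	for _, err := range rejected {
		fmt.Println("rejected:", err)
	}
}
```

The check is a syntactic gate, not a parser: Suricata itself remains the authority on whether a rule is valid, and a rule that passes here can still fail to load. Its job is to keep malformed or multi-line input from reaching the rules file at all, where one bad line would otherwise affect the whole reload.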
func (*Engine) ClearRules
func (e *Engine) ClearRules()
ClearRules removes all rules from the Suricata engine. Call Reload() to apply the change.
func (*Engine) EveLines
func (e *Engine) EveLines() <-chan eve.Event
EveLines returns a channel that streams EVE JSON lines parsed into eve.Event values.
func (*Engine) EveOutput added in v0.0.8
func (e *Engine) EveOutput() <-chan []byte
EveOutput returns a channel that streams raw EVE JSON lines from the Suricata engine.
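EveOutput hands back raw EVE JSON lines; deciding which of them are alerts and what to do with the rest is the caller's job. The following is an added example, not this package's code: a consumer for a <-chan []byte of the kind EveOutput returns, which decodes each line with encoding/json, keeps records whose event_type is "alert", counts the other event types (flow, stats, and so on) and counts lines that fail to parse so a truncated write does not vanish silently. The field names are Suricata's standard EVE keys; the channel is filled with constructed lines rather than real Suricata output.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// eveEvent holds the subset of Suricata EVE JSON fields this consumer uses. The
// alert object is a pointer so its absence on non-alert events is detectable.
type eveEvent struct {
	Timestamp string `json:"timestamp"`
	EventType string `json:"event_type"`
	SrcIP     string `json:"src_ip"`
	SrcPort   int    `json:"src_port"`
	DestIP    string `json:"dest_ip"`
	DestPort  int    `json:"dest_port"`
	Proto     string `json:"proto"`
	Alert     *struct {
		Action      string `json:"action"`
		SignatureID uint64 `json:"signature_id"`
		Signature   string `json:"signature"`
		Severity    int    `json:"severity"`
	} `json:"alert"`
}

// alertSummary is the per-alert result handed to the caller.
type alertSummary struct {
	SID      uint64
	Message  string
	Severity int
	Flow     string
}

// collectAlerts drains a channel of raw EVE lines, such as the one returned by
// Engine.EveOutput(), until it is closed. It returns one summary per alert event,
// the number of non-alert events dropped, and the number of lines that were not
// valid JSON.
func collectAlerts(lines <-chan []byte) (alerts []alertSummary, skipped int, errs int) {
	for raw := range lines {
		var ev eveEvent
		if err := json.Unmarshal(raw, &ev); err != nil {
			errs++
			continue
		}
		if ev.EventType != "alert" || ev.Alert == nil {
			skipped++
			continue
		}
		alerts = append(alerts, alertSummary{
			SID:      ev.Alert.SignatureID,
			Message:  ev.Alert.Signature,
			Severity: ev.Alert.Severity,
			Flow:     fmt.Sprintf("%s %s:%d -> %s:%d", ev.Proto, ev.SrcIP, ev.SrcPort, ev.DestIP, ev.DestPort),
		})
	}
	return alerts, skipped, errs
}

// sampleEve returns a closed channel pre-filled with constructed EVE lines that stand
// in for Engine.EveOutput(): a flow record, one alert, a stats record, and one
// deliberately broken line. They are not real Suricata output.
func sampleEve() <-chan []byte {
	lines := []string{
		`{"timestamp":"2024-01-01T00:00:00.000000+0000","event_type":"flow","src_ip":"10.0.0.5","src_port":51515,"dest_ip":"10.0.0.9","dest_port":80,"proto":"TCP"}`,
		`{"timestamp":"2024-01-01T00:00:01.000000+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":51516,"dest_ip":"10.0.0.9","dest_port":80,"proto":"TCP","alert":{"action":"allowed","signature_id":1000001,"signature":"TEST HTTP GET","severity":3}}`,
		`{"timestamp":"2024-01-01T00:00:08.000000+0000","event_type":"stats","stats":{"uptime":8}}`,
		`{"event_type":"alert","src_ip":"10.0.0.5"`,
	}
	ch := make(chan []byte, len(lines))
	for _, l := range lines {
		ch <- []byte(l)
	}
	close(ch)
	return ch
}

func main() {
	alerts, skipped, errs := collectAlerts(sampleEve())
	for _, a := range alerts {
		fmt.Printf("sid=%d sev=%d %q [%s]\n", a.SID, a.Severity, a.Message, a.Flow)
	}
	fmt.Printf("%d alerts, %d other events, %d unparseable lines\n", len(alerts), skipped, errs)
}
```

Keying on event_type rather than on the presence of an alert object matters because EVE can emit alert metadata on other record types when so configured; checking both keeps the consumer from treating such records as alerts. The loop ends when the channel is closed, so with a live engine it runs until Stop() is called.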
func (*Engine) Reload
func (e *Engine) Reload() error
Reload instructs Suricata to reload its rules by writing the current rule set to the temporary rules file and sending SIGUSR2 to the Suricata process.
func (*Engine) RemoveRule
func (e *Engine) RemoveRule(idx int) error
RemoveRule removes the rule at index idx from the Suricata engine, returning an error if it cannot. Call Reload() to apply the change.
func (*Engine) SetSuricataPath
func (e *Engine) SetSuricataPath(path string)
SetSuricataPath sets the path to the Suricata binary.
func (*Engine) Start
func (e *Engine) Start() error
Start initializes and starts the Suricata engine.
It creates the necessary temporary files and pipes, writes the initial rules, and starts the Suricata process with the specified arguments.