Support #1681
closedMissing commands in suricatasc
Description
Hey,
I want to report a bug we briefly discussed on IRC.
Issue: the pcap-file command appears to be missing in the Unix socket interface
[root@rkv-ids-node003 suricata-3.0]STAGING# python2 scripts/suricatasc/suricatasc -v -c 'pcap-file /root/foo.pcap /var/log/suricata'
SND: {"version": "0.1"}
RCV: {"return": "OK"}
SND: {"command": "command-list"}
RCV: {"message": {"count": 17, "commands": ["shutdown", "command-list", "help", "version", "uptime", "running-mode", "capture-mode", "conf-get", "dump-counters", "reload-rules", "register-tenant-handler", "unregister-tenant-handler", "register-tenant", "reload-tenant", "unregister-tenant", "iface-stat", "iface-list"]}, "return": "OK"}
Traceback (most recent call last):
File "scripts/suricatasc/suricatasc", line 45, in <module>
(command, arguments) = sc.parse_command(args.command)
File "/usr/lib64/python2.7/site-packages/suricatasc/suricatasc.py", line 284, in parse_command
raise SuricataCommandException("Unknown command '%s'" % (command))
suricatasc.suricatasc.SuricataCommandException: Unknown command 'pcap-file /root/foo.pcap /var/log/suricata'
[root@rkv-ids-node003 suricata-3.0]STAGING# python2 scripts/suricatasc/suricatasc Command list: shutdown, command-list, help, version, uptime, running-mode, capture-mode, conf-get, dump-counters, reload-rules, register-tenant-handler, unregister-tenant-handler, register-tenant, reload-tenant, unregister-tenant, iface-stat, iface-list, quit
I used the stable tarball.
md5sum suricata-3.0.tar.gz a964af69263592c625b56f72d49e8d24 suricata-3.0.tar.gz
I compiled it:
./configure --enable-luajit --with-libpcap_ng-libraries=/usr/local/lib --with-libpcap_ng-includes=/usr/local/include/ --prefix=/usr/ --sysconfdir=/etc/ --localstatedir=/var/ --disable-gccmarch-native --enable-gccprotect --with-libluajit-includes=/usr/include/luajit-2.0 --with-libluajit-libraries=/usr/lib/ --with-libnss-libraries=/usr/lib --with-libnss-includes=/usr/include/nss/ --with-libnspr-libraries=/usr/lib --enable-unittests
Unit tests pass from suricata -u U
==== TEST RESULTS ==== PASSED: 3776 FAILED: 0 ======================
In the 2.0.X versions it was like:
suricatasc Command list: shutdown, command-list, help, version, uptime, running-mode, capture-mode, conf-get, dump-counters, pcap-file, pcap-file-number, pcap-file-list, pcap-current, quit
Best,
Marius
Updated by Eric Leblond over 8 years ago
Marius Ciepluch wrote:
Hey,
I want to report a bug we briefly discussed on IRC.
Issue: the pcap-file command appears to be missing in the Unix socket interface
Are you sure you are running in unix mode ? Just tested here and "suricata --unix-socket" gives me$ suricatasc
Command list: shutdown, command-list, help, version, uptime, running-mode, capture-mode, conf-get, dump-counters, reload-rules, register-tenant-handler, unregister-tenant-handler, register-tenant, reload-tenant, unregister-tenant, pcap-file, pcap-file-number, pcap-file-list, pcap-current, quit
Updated by Marius Ciepluch over 8 years ago
You are right. The commands in the Unix socket interface show up depending on mode. Sorry for the confusin.
Updated by Victor Julien over 8 years ago
- Tracker changed from Bug to Support
- Status changed from New to Closed
- Target version deleted (
3.0)