suricata/entrypoint.sh: add PCAP_FILE_CONTINUOUS env
aiooss-anssi committed Jan 16, 2024
1 parent 6388238 commit cb60365
Showing 1 changed file with 6 additions and 3 deletions.
9 changes: 6 additions & 3 deletions suricata/entrypoint.sh
Expand Up @@ -5,9 +5,12 @@
echo "Cleaning previous Suricata output"
rm -f suricata/output/eve.json suricata/output/tcpstore.log suricata/output/udpstore.log

echo "Starting Suricata with HOME_NET=$CTF_HOME_NET PCAP_FILE=$PCAP_FILE"
SURICATA_PARAM="--runmode=single --no-random"
if [ "${PCAP_FILE_CONTINUOUS:=true}" = true ]; then
SURICATA_PARAM="${SURICATA_PARAM} --pcap-file-continuous"
fi
echo "Starting Suricata with HOME_NET=$CTF_HOME_NET PCAP_FILE=$PCAP_FILE PCAP_FILE_CONTINUOUS=$PCAP_FILE_CONTINUOUS"
suricata -c suricata/suricata.yaml -r input_pcaps -l suricata/output \
--set vars.address-groups.HOME_NET="${CTF_HOME_NET}" \
--set outputs.1.eve-log.pcap-file=${PCAP_FILE:=true} \
--runmode=single --no-random \
--pcap-file-continuous
${SURICATA_PARAM}
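Review bot: The new test `[ "${PCAP_FILE_CONTINUOUS:=true}" = true ]` treats every value other than the exact string `true` as "off", so a typo such as `True`, `1` or `yes` silently starts Suricata without `--pcap-file-continuous`. As far as I know that option is what keeps the `-r input_pcaps` directory reader alive for newly written files, so the sensor would stop after the pcaps already present and later traffic would go uninspected with no error. I would validate the variable and fail fast on anything that is not `true` or `false`, as sketched below. Separately, `${SURICATA_PARAM}` on the last line is unquoted on purpose so that it word-splits into separate options; a comment such as `# intentionally unquoted: split into separate suricata options` would stop a later quoting cleanup from collapsing it into one argument. The script's shebang is outside this hunk, so the sketch stays POSIX `sh` compatible.

```shell
SURICATA_PARAM="--runmode=single --no-random"
case "${PCAP_FILE_CONTINUOUS:=true}" in
    true) SURICATA_PARAM="${SURICATA_PARAM} --pcap-file-continuous" ;;
    false) ;;
    *)
        echo "PCAP_FILE_CONTINUOUS must be 'true' or 'false', got '${PCAP_FILE_CONTINUOUS}'" >&2
        exit 1
        ;;
esac
# … unchanged: startup echo and suricata invocation …
```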
