socket

Documentation

Overview

Package socket contains functionality to send commands to Suricata via its Unix socket.

Proper usage of the socket:

1. Connect()
2. Send()
3. Close()

Index

• type Command
• type CommandName
• type Response
• type Socket
  • func New(addr string) *Socket
  • func (s *Socket) Close() error
  • func (s *Socket) Connect() error
  • func (s *Socket) Send(cmd *Command) (*Response, error)
• type Version

Types

type Command

type Command struct {
	Name CommandName       `json:"command,"`
	Args map[string]string `json:"arguments,omitempty"`
}

Command represents a Suricata Unix socket command.

Protocol: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Unix_Socket#Protocol

type CommandName

type CommandName string

CommandName represents a Suricata Unix socket command name.

https://suricata.readthedocs.io/en/suricata-4.0.5/unix-socket.html

const (
	ReloadRules CommandName = "reload-rules"
)

Suricata socket commands.

type Response

type Response struct {
	Return  string `json:"return,"`
	Message string `json:"message,string"`
}

Response represents a Suricata Unix socket command response.

type Socket

type Socket struct {
	// contains filtered or unexported fields
}

Socket represents a Suricata Unix socket server connection.

func New

func New(addr string) *Socket

New creates a new Socket.

func (*Socket) Close

func (s *Socket) Close() error

Close closes the Suricata Unix socket connection.

func (*Socket) Connect

func (s *Socket) Connect() error

Connect dials the Suricata Unix socket and prepares the connection for receiving commands.

func (*Socket) Send

func (s *Socket) Send(cmd *Command) (*Response, error)

Send sends a command to Suricata and returns its response.

type Version

type Version struct {
	ID string `json:"version,"`
}

Version represents a version message, which must be sent and return "OK" before sending commands.