Differences

This shows you the differences between two versions of the page.

--- tips:suricata-eve-unixsocket [2020/09/10 17:46] – navaneeth
+++ tips:suricata-eve-unixsocket [2020/09/17 19:21] – navaneeth
@@ Line 22: / Line 22: @@
-===== 3. Updating with latest ruleset =====
+==== 3. Updating with latest ruleset ====
 Use the following command to update the latest emerging-threats ruleset
@@ Line 63: / Line 63: @@
 {{:tips:suricata-alert.png?600|}}
+==== 7. Starting Suricata Automatically ====
+  * You need to install [[monit:monitoring_and_maintain_trisul_process|monit]] to enable this feature.
+  * Add a shellscript named //start-suricata.sh// in ///usr/local/etc/trisul-probe///
+<code>
+#!/bin/bash
+echo "Removing PID file"
+/bin/rm -f /var/run/suricata.pid
+echo "Starting suricata"
+/usr/bin/suricata --user trisul -l /usr/local/var/lib/trisul-probe/domain0/probe0/context0/run -c /etc/suricata/suricata.yaml -i ens18 -D
+echo "Done starting suricata"</code>
+  * You need to add the following statements in the ///etc/monit/monitrc file//.
+<code>check process suricata with pidfile /var/run/suricata.pid
+  start program = "/usr/local/etc/trisul-probe/start-suricata.sh"
+</code>
+  * Please ensure you restart monit
+<code>systemctl restart monit</code>