Suricata/Usage

From aldeid
Usage

Basic syntax

$ suricata [options]

Options

-c <path>
path to configuration file
-i <dev or ip>
run in pcap live mode
-r <path>
run in pcap file/offline mode
-s <path>
path to signature file (optional)
-l <dir>
default log directory
-D
run as daemon
--pidfile <file>
write pid to this file (only for daemon mode)
--init-errors-fatal
enable fatal failure on signature init error
--dump-config
show the running configuration
--user <user>
run suricata as this user after init
--group <group>
run suricata as this group after init
--erf-in <path>
process an ERF file