#!/bin/sh
# Start/stop/restart suricata
# This file written from James Bond <evanton@tut.by>

# This tell suricata which interface to listen on (any for every interface)
IFACE=${IFACE:-eth0}

# Make sure this matches your IFACE
PIDFILE=/var/run/suricata_$IFACE.pid

# You probably don't want to change this, but in case you do
LOGDIR="/var/log/suricata"

# Probably not this either
CONF=/etc/suricata/suricata.yaml

# Start suricata:
suricata_start() {
  CMDLINE="/usr/bin/suricata -D -i $IFACE"
  echo "Starting Suricata daemon:  $CMDLINE"
  $CMDLINE --pidfile $PIDFILE -l $LOGDIR -c $CONF
  echo
}

# Stop suricata:
suricata_stop() {
  echo -n "Stopping Suricata daemon ($IFACE)..."
  kill $(cat $PIDFILE)
  echo
  sleep 1
  rm -f $PIDFILE
}

# Restart suricata:
suricata_restart() {
  suricata_stop
  sleep 1
  suricata_start
}

case "$1" in
'start')
  suricata_start
  ;;
'stop')
  suricata_stop
  ;;
'restart')
  suricata_restart
  ;;
*)
  echo "usage $0 start|stop|restart"
esac