mirror of https://github.com/OISF/suricata.git synced 2026-02-16 00:57:51 -05:00

History

Philippe Antoine c164cfcf6b plugins: check version for all plugins		2025-03-29 06:38:00 +01:00
..
Makefile.am	napatech: add as plugin	2024-10-12 11:03:34 +02:00
plugin.c	plugins: check version for all plugins	2025-03-29 06:38:00 +01:00
README.md	napatech: add as plugin	2024-10-12 11:03:34 +02:00
runmode-napatech.c	napatech: add as plugin	2024-10-12 11:03:34 +02:00
runmode-napatech.h	napatech: add as plugin	2024-10-12 11:03:34 +02:00
source-napatech.c	packetpool: allow larger max-pending-packets	2024-10-12 11:03:34 +02:00
source-napatech.h	napatech: add as plugin	2024-10-12 11:03:34 +02:00
util-napatech.c	gen/bool: Clarify bool checks	2025-02-19 09:21:34 +01:00
util-napatech.h	napatech: add as plugin	2024-10-12 11:03:34 +02:00

README.md

Napatech Plugin Capture Plugin

Building

To build this plugin, configure Suricata with the --enable-napatech and optionally the --with-napatech-includes and --with-napatech-libraries command line options.

Running

/usr/local/suricata/bin/suricata \
    --set plugins.0=/usr/local/lib/suricata/napatech.so \
    --capture-plugin=napatech

--set plugins.0=/usr/local/lib/suricata/napatech.so

This command line option tells Suricata about this plugin. This could also be done in suricata.yaml with the following section:

plugins:
  - /usr/local/lib/suricata/napatech.so

--capture-plugin=napatech

This is the option that tells Suricata to use a plugin for capture, much like --pcap tells Suricata to use libpcap or --af-packet tells Suricata to use AF_PACKET. Here we are telling it to look for a loaded plugin of the name napatech to provide the capture method.

There is another command line option --capture-plugin-args to pass arbitrary data on the command line to a capture plugin, but this plugin does not yet handle data provided through this command line parameter.