show total number of active drop and alert rules

Started by sol, April 21, 2020, 09:52:48 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
April 21, 2020, 09:52:48 AM
Hi there,

How can I list the total number of active drop and alert rules?
Is it possible in the gui or are there any commands for the shell.

Thx.
May 04, 2020, 12:53:40 AM #1
Count all enabled rules:
Code Select
# sqlite3 -readonly /usr/local/etc/suricata/rules/rules.sqlite "SELECT COUNT(*) FROM rules WHERE enabled = True;"

Count only enabled 'drop' rules:
Code Select
# sqlite3 -readonly /usr/local/etc/suricata/rules/rules.sqlite "SELECT COUNT(*) FROM rules WHERE enabled = True AND action LIKE 'drop';"

Count only enabled 'alert' rules:
Code Select
# sqlite3 -readonly /usr/local/etc/suricata/rules/rules.sqlite "SELECT COUNT(*) FROM rules WHERE enabled = True AND action LIKE 'alert';"

May 05, 2020, 11:19:40 AM #2
Perfect!
Thank you very much!
May 05, 2020, 12:32:09 PM #3
You're welcome.  :)
Print
Go Up Pages1
User actions