What is the proper way to verify that Suricata is ready to inspect traffic?

marcus · August 26, 2025, 08:35:10 PM

I'm trying to make sure that my test processes are being conducted correctly.

I've been monitoring the suricata process with top from a root shell and I've noticed that it is still quite busy after the Web UI has shown things like saving or applying settings has completed, or after the box beeps the speaker to signal that it's finished booting.

I've had no luck finding an answer to this with a web search.

Is the log file a reliable indicator?

Thanks -

What is the proper way to verify that Suricata is ready to inspect traffic?

marcus

August 26, 2025, 08:35:10 PM