On 2020-01-21, [email protected] <[email protected]> wrote:
> To START suricata in live mode -
> Do this (as root):
>
> #suricata -v -c /etc/suricata/suricata.yaml -i em0 &

Well, that's one way. Or you can use the OS mechanisms.

> To STOP suricata: pgrep suricata and kill -9 the pid returned.

Why pgrep then kill when you can just pkill? -9 is a bit of a big hammer and doesn't give things a chance to close cleanly.
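The point about `-9` above, as an added example that is not part of the original thread: a shell function that sends SIGTERM first and escalates to SIGKILL only if the process is still alive after a grace period. The function name `graceful_stop` and the 10-second default are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): stop a process by PID with SIGTERM,
# falling back to SIGKILL only when the grace period expires.
# Return codes: 0 = exited after SIGTERM, 2 = SIGKILL was needed,
#               1 = no process with that PID was running.
graceful_stop() {
    pid=$1
    grace=${2:-10}   # seconds to wait before escalating (assumed default)

    # kill -0 sends no signal; it only tests whether the PID exists.
    kill -0 "$pid" 2>/dev/null || return 1

    # SIGTERM can be caught, so the process gets a chance to flush
    # logs and release its capture interface before exiting.
    kill -TERM "$pid" 2>/dev/null || true

    waited=0
    while [ "$waited" -lt "$grace" ]; do
        kill -0 "$pid" 2>/dev/null || return 0
        sleep 1
        waited=$((waited + 1))
    done
    kill -0 "$pid" 2>/dev/null || return 0

    # SIGKILL cannot be caught: no cleanup runs, so it is the last resort.
    kill -KILL "$pid" 2>/dev/null || true
    return 2
}

# Example call (as root), using the oldest matching process:
#   graceful_stop "$(pgrep -o suricata)" 30
```

A return code of 2 is worth logging, since it means the process did not shut down cleanly and may have left stale state behind.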

