diff --git a/shared/bin/pcap_processor.py b/shared/bin/pcap_processor.py
index 980d6aa6b..a152a0df5 100755
--- a/shared/bin/pcap_processor.py
+++ b/shared/bin/pcap_processor.py
@@ -128,6 +128,7 @@ def arkimeCaptureFileWorker(arkimeWorkerArgs):
         autoTag,
         notLocked,
         logger,
+        debug,
     ) = (
         arkimeWorkerArgs[0],
         arkimeWorkerArgs[1],
@@ -140,6 +141,7 @@ def arkimeCaptureFileWorker(arkimeWorkerArgs):
         arkimeWorkerArgs[8],
         arkimeWorkerArgs[9],
         arkimeWorkerArgs[10],
+        arkimeWorkerArgs[11],
     )
 
     if not logger:
@@ -245,6 +247,7 @@ def zeekFileWorker(zeekWorkerArgs):
         uploadDir,
         defaultExtractFileMode,
         logger,
+        debug,
     ) = (
         zeekWorkerArgs[0],
         zeekWorkerArgs[1],
@@ -256,6 +259,7 @@ def zeekFileWorker(zeekWorkerArgs):
         zeekWorkerArgs[7],
         zeekWorkerArgs[8],
         zeekWorkerArgs[9],
+        zeekWorkerArgs[10],
     )
 
     if not logger:
@@ -393,6 +397,7 @@ def suricataFileWorker(suricataWorkerArgs):
         uploadDir,
         suricataConfig,
         logger,
+        debug,
     ) = (
         suricataWorkerArgs[0],
         suricataWorkerArgs[1],
@@ -404,6 +409,7 @@ def suricataFileWorker(suricataWorkerArgs):
         suricataWorkerArgs[7],
         suricataWorkerArgs[8],
         suricataWorkerArgs[9],
+        suricataWorkerArgs[10],
     )
 
     if not logger:
@@ -413,7 +419,12 @@ def suricataFileWorker(suricataWorkerArgs):
 
     # create a single socket client for this worker
     try:
-        suricata = SuricataSocketClient(socket_path=socketPath, logger=logger, output_dir=uploadDir)
+        suricata = SuricataSocketClient(
+            socket_path=socketPath,
+            logger=logger,
+            debug=debug,
+            output_dir=uploadDir,
+        )
     except Exception as e:
         logger.error(f"Failed to create Suricata socket client: {e}")
         suricata = None
@@ -804,6 +815,7 @@ def main():
                     args.autoTag,
                     args.notLocked,
                     logging,
+                    args.verbose <= logging.DEBUG,
                 ],
             ),
         )
@@ -823,6 +835,7 @@ def main():
                     args.zeekUploadDir,
                     args.zeekExtractFileMode,
                     logging,
+                    args.verbose <= logging.DEBUG,
                 ],
             ),
         )
@@ -842,6 +855,7 @@ def main():
                     args.suricataUploadDir,
                     args.suricataConfigFile,
                     logging,
+                    args.verbose <= logging.DEBUG,
                 ],
             ),
         )
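Review bot: The new `debug` element extends the positional index contract between main() and the three workers (`arkimeWorkerArgs[11]`, `zeekWorkerArgs[10]`, `suricataWorkerArgs[10]` in the hunks at -140, -256 and -404, with the matching list appends in main() at -804, -823 and -842), and nothing ties the two sides together except ordering. A misplaced append silently shifts every later field, so a comment at the top of each unpack naming the producer, `# positional layout must match the argument list built in main()`, or a NamedTuple for the worker arguments would make the contract explicit. Within the visible lines `debug` is only consumed in suricataFileWorker (the SuricataSocketClient call at -413); if arkimeCaptureFileWorker and zeekFileWorker do not use it elsewhere in their bodies, it is an unused local there. All three worker bodies continue outside these hunks.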
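Review bot: Passing `debug=debug` here makes the pipeline verbosity decide whether SuricataSocketClient writes `socket_debug.log` into uploadDir (the class joins `output_dir` with that name, as the suricata_socket.py hunk shows), so raising verbosity now carries a file-writing side effect in the upload directory that the previous hard-coded False never had. That deserves a one-line comment at the call, `# debug also turns on the client's socket_debug.log, written under uploadDir`, and a check that no other consumer of uploadDir picks files up by pattern, which is not visible here. suricataFileWorker continues outside the hunk.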
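Review bot: `args.verbose <= logging.DEBUG` is evaluated three times (here and in the hunks at -823 and -842); computing it once before the worker lists are built, `debugEnabled = args.verbose <= logging.DEBUG`, keeps the three in step and gives the expression a name. The comparison presumes args.verbose holds a logging level constant (lower means more verbose); if it were a -v count the test would be inverted, so a comment stating the assumption, `# args.verbose is a logging level; DEBUG or below enables socket debug logging`, is worth adding. main() continues outside the hunk.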
diff --git a/shared/bin/suricata_socket.py b/shared/bin/suricata_socket.py
index 351cb79e5..524adc5d3 100644
--- a/shared/bin/suricata_socket.py
+++ b/shared/bin/suricata_socket.py
@@ -15,6 +15,7 @@ def __init__(
         self,
         socket_path: str = '/var/run/suricata/suricata-command.socket',
         logger: Optional[logging.Logger] = None,
+        debug: bool = False,
         max_retries: int = 30,
         retry_delay: int = 1,
         output_dir: str = '/var/log/suricata',
@@ -24,7 +25,7 @@ def __init__(
         self.max_retries = max_retries
         self.retry_delay = retry_delay
         self.output_dir = output_dir
-        self.debug_enabled = False  # change this to True to enable debug logging
+        self.debug_enabled = debug
         self.debug_log = os.path.join(self.output_dir, 'socket_debug.log')
 
         # Ensure log directory exists
diff --git a/suricata/supervisord.conf b/suricata/supervisord.conf
index c5daca685..e44a802ab 100644
--- a/suricata/supervisord.conf
+++ b/suricata/supervisord.conf
@@ -19,7 +19,7 @@ serverurl=unix:///tmp/supervisor.sock
 
 [program:pcap-suricata]
 command=python3 /usr/local/bin/pcap_suricata_processor.py %(ENV_PCAP_PIPELINE_VERBOSITY)s
-  --start-sleep 10
+  --start-sleep 45
   --threads %(ENV_SURICATA_AUTO_ANALYZE_PCAP_THREADS)s
   --publisher "%(ENV_PCAP_MONITOR_HOST)s"
   --pcap-directory /data/pcap/processed
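Review bot: `debug: bool = False` is inserted between `logger` and `max_retries`, so any caller that passes `max_retries` positionally now has its integer bound to `debug` and the retry count silently falls back to 30; the caller in pcap_processor.py uses keywords, but other callers are not visible. Appending the parameter after `output_dir`, or making the trailing parameters keyword-only with `*, debug: bool = False,`, avoids the shift. The inline comment removed at -24 was the only description of what `debug_enabled` controls, and the hunk at -24 adds nothing in its place; the parameter should be documented in the __init__ docstring, e.g. `debug: when True, enable debug logging to socket_debug.log under output_dir`. __init__ continues outside both hunks.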
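Review bot: The new `--start-sleep 45` is a bare timing constant with no record of why 10 was insufficient or what the processor is waiting for. A comment line before the section, `; start-sleep: give Suricata time to come up before pcap_suricata_processor.py connects to it (constructed rationale; confirm)`, would keep the next reader from tuning it blindly. Since SuricataSocketClient already carries `max_retries=30` and `retry_delay=1` in the other hunk, a readiness retry rather than a longer fixed sleep may be the more robust knob, though that is inferred from the Python side and not from this file.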