GitHub - ivantirado/suritik: Script for adding Suricata alerts into Mikrotik routers.

Suritik

Python script for adding Suricata alerts into Mikrotik routers.

It's reading from Suricata eve-log file named alerts.json.

Requirements:

python-librouteros
python-ujson
python-pyinotify

In suricata.yaml add another eve-log:

  - eve-log:
      enabled: yes 
      filetype: regular
      filename: alerts.json   
      types:      
        - alert

Additionally, if using logrotate for rotating logs, you should have 'copytruncate' option in /etc/logrotate.d/suricata.

I'm using it as a systemd service:

[Unit]
Description=Suricata to Mikrotik API in Python
After=network.target network-online.target time-sync.target
Wants=network-online.target

[Service]
Type=simple
ExecStart=/usr/bin/python3 /usr/local/bin/suritik.py
Restart=always
RestartSec=3
Environment=PYTHONUNBUFFERED=1

[Install]
WantedBy=multi-user.target

Credits for idea:

tomfisk - https://forum.mikrotik.com/viewtopic.php?f=2&t=111727
elmaxid - https://github.com/elmaxid/Suricata2MikroTik

Name		Name	Last commit message	Last commit date
Latest commit History 15 Commits
.gitignore		.gitignore
README.md		README.md
suritik.py		suritik.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Suritik

About

Releases

Packages

Languages

ivantirado/suritik

Folders and files

Latest commit

History

Repository files navigation

Suritik

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages