Python Flask-based dashboard to control and monitor Suricata IDS/IPS. Includes process control, rules and config editors, log viewer, traffic monitoring, RRD graphs, and DB-backed statistics.
- Real-time status (PID, uptime) and service controls
- Rules and configuration management
- Live log viewer with filters
- Traffic monitoring (TCP/UDP/ICMP/alerts) and RRD graphs
- Database storage for alerts/stats (PostgreSQL or MySQL)
- Cross-platform (Windows and Linux)
Requirements
- Python 3.8+
- Suricata installed and runnable on the host
- Database: PostgreSQL or MySQL (SQLAlchemy is required)
- Optional: RRDtool system libs for graphing (Linux)
Python packages are pinned in requirements.txt.
- Install dependencies
python -m venv .venv && . .venv/bin/activate   # Windows: .venv\Scripts\activate
pip install -r requirements.txt
- (Linux, optional) Enable RRD graphs
chmod +x install_rrdtool.sh
./install_rrdtool.sh
- Configure environment (recommended via .env)
Create a .env file in the repository root. Defaults are sensible per-OS; override what you need. The file holds DB_PASSWORD, so keep it out of version control and readable only by the user running the dashboard.
# Dashboard
# 0.0.0.0 listens on every interface; keep 127.0.0.1 (or a firewalled address) unless authentication is in place
FLASK_HOST=0.0.0.0
FLASK_PORT=5000
# Set True only for local development: the Werkzeug debugger it enables lets anyone who can reach the port execute code on the host
FLASK_DEBUG=False
DASHBOARD_NAME=Suricata Dashboard
# Suricata paths (Windows defaults auto-detected; Linux shown below)
SURICATA_BINARY_PATH=suricata
SURICATA_CONFIG_PATH=/etc/suricata/suricata.yaml
SURICATA_RULES_DIR=/etc/suricata/rules
SURICATA_LOG_DIR=/var/log/suricata
# RRD (optional; used if rrdtool is installed)
RRD_DIR=/var/lib/suricata/rrd
# Database (REQUIRED)
# Choose one: postgresql or mysql
DB_TYPE=postgresql
DB_HOST=localhost
DB_PORT=5432
DB_USER=postgres
DB_PASSWORD=changeme
DB_NAME=suricata
# Optional behavior
DB_RETENTION_DAYS=30
AUTO_RESTART_ENABLED=False
USE_HTTPS=False
SSL_CERT_PATH=binary/certificates/cert.pem
SSL_KEY_PATH=binary/certificates/key.pem
Notes:
- Windows paths are inferred automatically; you can still override via .env.
- On first run, tables are created in the configured database.
- Run
python run.py
Open http://localhost:5000 (or your configured host/port).
Process control
- GET /api/status – Suricata status
- POST /api/start – Start Suricata
- POST /api/stop – Stop Suricata
- POST /api/restart – Restart Suricata
- POST /api/reload-rules – Reload rules
Logs & configuration
- GET /api/logs – Recent logs
- GET /api/rules – Rules list
- GET /api/config – Current config
- POST /api/config – Save config
Monitoring & traffic
- GET /api/monitor/data – Aggregated traffic and alerts
- GET /api/monitor/alerts – Recent alerts from eve.json
- GET /api/monitor/events – All events from eve.json
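The monitor endpoints are fed from Suricata's eve.json, one JSON record per line. The following is an added example for this README, not code from the dashboard project: it shows, with the standard library only, the work behind an endpoint such as GET /api/monitor/alerts, reading only the tail of a file that grows without bound, dropping the half-written last record Suricata may be in the middle of flushing, and aggregating alerts by signature and severity. The records in SAMPLE_EVE are constructed in Suricata's EVE JSON shape, not captured data, and alerts_from_file is an illustrative helper name.

```python
"""Parse Suricata eve.json and summarise recent alerts.

Added example for this README, not code from the dashboard project. It shows,
with the standard library only, the work behind an endpoint such as
GET /api/monitor/alerts: reading only the tail of a large eve.json, dropping
the partial line Suricata may be writing, and aggregating alerts by signature.
SAMPLE_EVE is constructed in Suricata's EVE JSON shape; it is not captured data.
"""
import json
import os
from collections import Counter
from typing import Dict, Iterable, List

# Constructed sample: two alerts, one flow record, and a final line that is
# still being written (truncated JSON, no trailing newline).
SAMPLE_EVE = (
    '{"timestamp":"2024-05-01T10:00:00.000000+0000","event_type":"alert",'
    '"src_ip":"10.0.0.5","src_port":51234,"dest_ip":"192.0.2.10","dest_port":80,'
    '"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2100498,'
    '"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root",'
    '"category":"Potentially Bad Traffic","severity":2}}\n'
    '{"timestamp":"2024-05-01T10:00:01.000000+0000","event_type":"flow",'
    '"src_ip":"10.0.0.5","src_port":51235,"dest_ip":"192.0.2.10","dest_port":443,'
    '"proto":"TCP"}\n'
    '{"timestamp":"2024-05-01T10:00:02.000000+0000","event_type":"alert",'
    '"src_ip":"198.51.100.7","src_port":40000,"dest_ip":"10.0.0.5","dest_port":22,'
    '"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001219,'
    '"rev":20,"signature":"ET SCAN Potential SSH Scan",'
    '"category":"Attempted Information Leak","severity":2}}\n'
    '{"timestamp":"2024-05-01T10:00:03.000000+0000","event_type":"alert","src_ip":"10.0.0.5","src_p'
).encode()


def complete_lines(window: bytes, starts_mid_file: bool) -> List[str]:
    """Split a byte window into lines. If the window began in the middle of a
    record (because we seeked into the file), drop that leading fragment."""
    if starts_mid_file:
        nl = window.find(b"\n")
        window = window[nl + 1:] if nl >= 0 else b""
    return window.decode("utf-8", errors="replace").splitlines()


def parse_events(lines: Iterable[str]) -> List[Dict]:
    """Decode EVE JSON lines; blank or truncated lines are skipped, not fatal."""
    events: List[Dict] = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # half-written last record or corruption: skip it
        if isinstance(event, dict):
            events.append(event)
    return events


def recent_alerts(events: Iterable[Dict], limit: int = 50) -> List[Dict]:
    """Keep alert records only, flattened to what a log view needs, newest last."""
    alerts = []
    for ev in events:
        if ev.get("event_type") != "alert":
            continue
        a = ev.get("alert") or {}
        alerts.append({
            "timestamp": ev.get("timestamp"),
            "src": f"{ev.get('src_ip')}:{ev.get('src_port')}",
            "dest": f"{ev.get('dest_ip')}:{ev.get('dest_port')}",
            "proto": ev.get("proto"),
            "sid": a.get("signature_id"),
            "signature": a.get("signature"),
            "severity": a.get("severity"),
        })
    return alerts[-limit:]


def alert_summary(alerts: Iterable[Dict]) -> Dict[str, Dict]:
    """Counts per signature and per severity: the numbers a status panel shows."""
    by_sig: Counter = Counter()
    by_sev: Counter = Counter()
    for a in alerts:
        by_sig[a["signature"]] += 1
        by_sev[a["severity"]] += 1
    return {"by_signature": dict(by_sig), "by_severity": dict(by_sev)}


def alerts_from_file(path: str, max_bytes: int = 1 << 20, limit: int = 50) -> List[Dict]:
    """Read only the last max_bytes of eve.json (it grows without bound) and
    return the most recent alerts found there. Illustrative helper name."""
    start = max(0, os.path.getsize(path) - max_bytes)
    with open(path, "rb") as fh:
        fh.seek(start)
        window = fh.read()
    return recent_alerts(parse_events(complete_lines(window, start > 0)), limit)


if __name__ == "__main__":
    sample = recent_alerts(parse_events(complete_lines(SAMPLE_EVE, False)))
    print(json.dumps(alert_summary(sample), indent=2))
```

Reading the tail rather than the whole file keeps the endpoint's latency flat as eve.json grows, and skipping undecodable lines instead of raising means a poll that races Suricata's own write never takes the log view down. On a production sensor, point alerts_from_file at SURICATA_LOG_DIR/eve.json and raise max_bytes if the sensor's alert rate means 1 MiB holds too little history.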
Database
- GET /api/database/check – Connection status
- GET /api/database/info – DB information
- GET /api/database/alerts – Alerts from DB
- GET /api/database/traffic/latest – Latest traffic stats
- GET /api/database/traffic/recent – Recent traffic stats
RRD graphs (optional)
- GET /api/rrd/graph – Render graph; params: metric, timespan
  - Metrics: tcp, udp, icmp, alerts
  - Timespans: 5m, 15m, 30m, 1h, 6h, 24h, 7d, 30d
- GET /api/rrd/update – Update RRD metrics from DB
- Configuration is managed via environment variables loaded in config.py. .env is supported (loaded via python-dotenv).
- Per-OS defaults are applied when variables are not set.
Key variables
- SURICATA_* – Paths to Suricata binary, config, rules, and logs
- DB_* and DB_TYPE – Database connectivity and retention
- RRD_DIR – Folder for RRD files when RRDtool is installed
- FLASK_* – Host, port, and debug mode
- USE_HTTPS, SSL_CERT_PATH, SSL_KEY_PATH – Enable TLS for the dashboard
Troubleshooting
- RRDtool not installed: graphs are disabled; install using install_rrdtool.sh on Linux.
- Database connection errors: verify DB_* values and that the DB is reachable; tables are created automatically on first successful connection.
- Windows paths: escape backslashes in .env or use forward slashes.
Security notes
- The dashboard ships without authentication: every endpoint above, including POST /api/start, /api/stop, /api/restart and POST /api/config (which writes the Suricata configuration), is open to anyone who can reach FLASK_HOST:FLASK_PORT. Use it only in trusted environments; before exposing it beyond localhost, add authentication, bind FLASK_HOST to a local or firewalled address, enable USE_HTTPS, and keep FLASK_DEBUG=False (the Werkzeug debugger allows remote code execution).
- Run with appropriate privileges and secure file permissions for Suricata paths. Editing rules and config requires write access to SURICATA_RULES_DIR and SURICATA_CONFIG_PATH, and starting or stopping Suricata usually requires elevated privileges, so whoever controls the dashboard effectively controls the sensor.
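One way to add the authentication the note above asks for, as an added example that is not part of the dashboard project: a WSGI middleware that wraps the Flask app (app.wsgi_app = RequireToken(app.wsgi_app, token)) and rejects any request without a matching "Authorization: Bearer <token>" header, so the start/stop/config endpoints cannot be driven by an unauthenticated client. DASHBOARD_API_TOKEN is an assumed variable name the project does not define, and the stand-in app at the bottom replaces Flask only so the file runs on its own.

```python
"""Bearer-token gate for the dashboard, as a WSGI middleware.

Added example, not code from the dashboard project. It wraps the Flask app's
WSGI callable so every request must carry "Authorization: Bearer <token>".
DASHBOARD_API_TOKEN is an assumed environment variable name; the stand-in app
below takes the place of Flask so the file runs without it.
"""
import hmac
import os
from typing import Callable, Iterable, List, Optional, Tuple

WSGIApp = Callable[[dict, Callable], Iterable[bytes]]


class RequireToken:
    """Reject requests that do not present the shared bearer token."""

    def __init__(self, app: WSGIApp, token: Optional[str],
                 exempt: Tuple[str, ...] = ("/static/",)) -> None:
        self.app = app
        self.token = token
        self.exempt = exempt  # path prefixes served without a token

    @staticmethod
    def _presented(environ: dict) -> Optional[str]:
        scheme, _, value = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
        if scheme.lower() != "bearer" or not value.strip():
            return None
        return value.strip()

    def allowed(self, environ: dict) -> bool:
        if environ.get("PATH_INFO", "/").startswith(self.exempt):
            return True
        if not self.token:
            return False  # fail closed: an unset token must not mean "no auth"
        presented = self._presented(environ)
        if presented is None:
            return False
        # Constant-time comparison; a plain == leaks the matching prefix length.
        return hmac.compare_digest(presented.encode(), self.token.encode())

    def __call__(self, environ: dict, start_response: Callable) -> Iterable[bytes]:
        if self.allowed(environ):
            return self.app(environ, start_response)
        body = b"authentication required\n"
        start_response("401 Unauthorized", [
            ("Content-Type", "text/plain; charset=utf-8"),
            ("Content-Length", str(len(body))),
            ("WWW-Authenticate", 'Bearer realm="suricata-dashboard"'),
        ])
        return [body]


def stand_in_dashboard(environ: dict, start_response: Callable) -> Iterable[bytes]:
    """Stand-in for app.wsgi_app: answers every path with 200."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]


def request(app: WSGIApp, method: str, path: str,
            authorization: Optional[str] = None) -> Tuple[str, bytes]:
    """Run one request through a WSGI app and return (status, body)."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path,
               "SERVER_NAME": "localhost", "SERVER_PORT": "5000",
               "wsgi.url_scheme": "http"}
    if authorization is not None:
        environ["HTTP_AUTHORIZATION"] = authorization
    captured: List[str] = []

    def start_response(status, headers, exc_info=None):
        captured.append(status)

    body = b"".join(app(environ, start_response))
    return captured[0], body


def build_guarded_app(token: Optional[str] = None) -> RequireToken:
    """Guard the stand-in app. With Flask: app.wsgi_app = RequireToken(app.wsgi_app, token).
    DASHBOARD_API_TOKEN is an assumed variable name, not one the project defines."""
    if token is None:
        token = os.environ.get("DASHBOARD_API_TOKEN")
    return RequireToken(stand_in_dashboard, token)


if __name__ == "__main__":
    guarded = build_guarded_app("s3cret")
    for auth in (None, "Bearer wrong", "Bearer s3cret"):
        print(f"{auth!r:>18} -> {request(guarded, 'POST', '/api/stop', auth)[0]}")
```

As written the gate covers everything except /static/, which protects the JSON API but also means a browser cannot open the UI without a way to send the header; for interactive use pair it with a login form that sets a session cookie, or accept the token from the cookie as well. A bearer token travels in clear text over plain HTTP, so this only makes sense together with USE_HTTPS=True.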
This project is for educational and defensive security purposes only.