在 Mac OS X 上使用 launchctl 启动 Suricata

在 Mac OS X 上使用 launchctl 启动 Suricata

使用 Mac OS X Yosemite 10.10.3。

我正在尝试使用 让 Suricata 在启动时以守护进程模式启动launchctl。这是我的/Library/LaunchDaemons/org.suricata.Suricata.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>org.suricata.Suricata</string>
    <key>KeepAlive</key>
    <true/>
    <key>RunAtLoad</key>
    <true/>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/bin/suricata</string>
        <string>-c</string>
        <string>/usr/local/etc/suricata/suricata.yaml</string>
        <string>-i</string>
        <string>en2</string>
        <string>-D</string>
    </array>
<key>ServiceDescription</key>
<string>Suricata WiFi Net</string>
</dict>
</plist>

但推出后

$ sudo launchctl load -w /Library/LaunchDaemons/org.suricata.Suricata.plist

获取此信息suricata.log

[ERRCODE: SC_ERR_INITIALIZATION(45)] - pid file '/usr/local/var/run/suricata/suricata.pid' exists. Is Suricata already running? Aborting!

我尝试卸载守护进程,删除此suricata.pid文件并终止现有进程(实际上并未用launchctl unload命令终止),如下所示:

$ sudo launchctl unload -w /Library/LaunchDaemons/org.suricata.Suricata.plist
$ sudo kill $(pidof suricata)
$ rm -f /usr/local/var/run/suricata/suricata.pid

但它没有帮助所以我得到了这个suricata.log

.pid' exists. Is Suricata already running? Aborting!

请问有人能解释一下如何让 suricata 在 osx 启动时启动吗?我做错了什么?

答案1

我找到了一个答案:只需在 .plist 中删除:

<key>KeepAlive</key>
<true/>

现在它将在使用时终止该作业的所有实例launchctl unload

相关内容