Project

General

Profile

Actions
Copy link

Feature #1712

open

multitenancy: 'lite' tenants

Added by Andrew Brown about 8 years ago. Updated about 5 years ago.

Status:
New
Priority:
Normal
Assignee:
Community Ticket
Target version:
TBD
Effort:
medium
Difficulty:
high
Label:

Description

I'm currently using Suricata as a daemon with the unix-socket interface. The #1 purpose for this is starting Suricata takes ~60 seconds, and scanning the file takes ~2 seconds. The problem is when I want to scan a file with a non-standard home_net I have to alter the configuration file then make suricata start up from scratch, loading all rules again (and taking another 60 seconds).

I see multi-tenancy offers a way to load multiple partial configuration files on-the-fly. However currently I have to specify a rule set for the tenant and the engine has to load those rules. Ideally I could specify a tenant without any rule files (just no rules section in the tenant yaml), and in this case Suricata would just use the rules loaded by the default configuration file. This would allow changing variables, such as HOME_NET, quickly without reloading the entire ruleset.

Actions
Copy link
 #1

Updated by Victor Julien about 8 years ago

  • Subject changed from Allow changing of configuration variables, perhaps through multi-tenancy, without reloading rules to multitenancy: 'lite' tenants
  • Assignee set to Anonymous
  • Target version set to TBD

Calling this 'lite' tenants.

Technically it seems challenging due to how tenants work (they are complete detection engines currently).

Actions
Copy link
 #2

Updated by Jason Ish almost 6 years ago

  • Effort set to medium
  • Difficulty set to high
Actions
Copy link
 #3

Updated by Andreas Herz about 5 years ago

  • Assignee set to Community Ticket
Actions
Copy link

Also available in: Atom PDF