Project

General

Profile

Actions

Feature #1712

open

multitenancy: 'lite' tenants

Added by Andrew Brown about 8 years ago. Updated about 5 years ago.

Status:
New
Priority:
Normal
Target version:
Effort:
medium
Difficulty:
high
Label:

Description

I'm currently using Suricata as a daemon with the unix-socket interface. The #1 purpose for this is starting Suricata takes ~60 seconds, and scanning the file takes ~2 seconds. The problem is when I want to scan a file with a non-standard home_net I have to alter the configuration file then make suricata start up from scratch, loading all rules again (and taking another 60 seconds).

I see multi-tenancy offers a way to load multiple partial configuration files on-the-fly. However currently I have to specify a rule set for the tenant and the engine has to load those rules. Ideally I could specify a tenant without any rule files (just no rules section in the tenant yaml), and in this case Suricata would just use the rules loaded by the default configuration file. This would allow changing variables, such as HOME_NET, quickly without reloading the entire ruleset.

Actions

Also available in: Atom PDF