Project

General

Profile

Actions

Feature #1956

open

Add option to re-initialise Lua output scripts

Added by Chris Wakelin over 7 years ago. Updated over 4 years ago.

Status:
Assigned
Priority:
Normal
Target version:
Effort:
medium
Difficulty:
medium
Label:

Description

It would be useful to be able to re-initialise Lua output scripts without restarting Suricata; for example when adding known cryptographic keys to a malware traffic decoding script, or adding a new output.

It would also be nice to be able to cycle Lua output logs in the same way as the main ones

Actions #1

Updated by Victor Julien over 7 years ago

  • Status changed from New to Assigned
  • Assignee set to Jason Ish
  • Target version set to TBD

This could perhaps be done by honouring the rotation flag so that a HUP will reinit the script(s).

Actions #2

Updated by Jason Ish about 7 years ago

There are 2 things here, the first being able to reload the output scripts which fits better with SIGUSR2.

The log rotation could probably be done by registering a flag or something? The Lua script would be in charge of actually doing the rotation right? As it manages the file, but at least it could get notification that rotation was requested.

Actions #3

Updated by Victor Julien about 5 years ago

  • Assignee changed from Jason Ish to Community Ticket
  • Priority changed from Low to Normal
  • Effort set to medium
  • Difficulty set to medium
Actions #4

Updated by Victor Julien over 4 years ago

Agree with Jason. Not sure on what the mechanics should look like. The 'reinit' could simply call deinit followed by init. Or maybe a 'reinit' if it is present. The rotation should probably be separate function the script defined. Just 'rotate' probably?

Actions

Also available in: Atom PDF