Add option to re-initialise Lua output scripts
It would be useful to be able to re-initialise Lua output scripts without restarting Suricata; for example when adding known cryptographic keys to a malware traffic decoding script, or adding a new output.
It would also be nice to be able to cycle Lua output logs in the same way as the main ones
Updated by Jason Ish over 5 years ago
There are 2 things here, the first being able to reload the output scripts which fits better with SIGUSR2.
The log rotation could probably be done by registering a flag or something? The Lua script would be in charge of actually doing the rotation right? As it manages the file, but at least it could get notification that rotation was requested.
Updated by Victor Julien about 3 years ago
Agree with Jason. Not sure on what the mechanics should look like. The 'reinit' could simply call deinit followed by init. Or maybe a 'reinit' if it is present. The rotation should probably be separate function the script defined. Just 'rotate' probably?