Feature #1956
open
Add option to re-initialise Lua output scripts
Added by Chris Wakelin about 8 years ago.
Updated about 5 years ago.
Description
It would be useful to be able to re-initialise Lua output scripts without restarting Suricata; for example when adding known cryptographic keys to a malware traffic decoding script, or adding a new output.
It would also be nice to be able to cycle Lua output logs in the same way as the main ones
- Status changed from New to Assigned
- Assignee set to Jason Ish
- Target version set to TBD
This could perhaps be done by honouring the rotation flag so that a HUP will reinit the script(s).
There are 2 things here, the first being able to reload the output scripts which fits better with SIGUSR2.
The log rotation could probably be done by registering a flag or something? The Lua script would be in charge of actually doing the rotation right? As it manages the file, but at least it could get notification that rotation was requested.
- Assignee changed from Jason Ish to Community Ticket
- Priority changed from Low to Normal
- Effort set to medium
- Difficulty set to medium
Agree with Jason. Not sure on what the mechanics should look like. The 'reinit' could simply call deinit followed by init. Or maybe a 'reinit' if it is present. The rotation should probably be separate function the script defined. Just 'rotate' probably?
Also available in: Atom
PDF