suricatasc dump-counters returns error when return message is larger than 4096
"dump-counters" return message size can vary according to the number of threads. If message size is larger than 4096 bytes the command will fail with following error:
# /opt/suricata/bin/suricatasc -c dump-counters Traceback (most recent call last): File "/opt/suricata/bin/suricatasc", line 46, in <module> res = sc.send_command(command, arguments) File "/opt/suricata/lib/python2.7/site-packages/suricatasc/suricatasc.py", line 126, in send_command raise SuricataReturnException("Unable to get message from server") suricatasc.suricatasc.SuricataReturnException: Unable to get message from server
While troubleshooting, direct connection to socket using "nc -U file.socket" works fine. Then, I found that in "suricatasc.py", the message size is hard-coded to 4096:
SIZE = 4096
When data is received in json_recv(), it will be truncated at that size and "json.loads(data)" will fail to parse.
OS: Ubuntu 16.04