Support #2517

closed

Reload rules for tenants in Multi Tenancy mode

Added by Daniel Snow over 6 years ago. Updated over 6 years ago.

Status: Closed
Priority: High
Assignee: -
Affected Versions:
Label:

Description

Hi,

I'm running Suricata 4.0.4 under Ubuntu 16.04.4 with two tenants present and different rules assigned to each of them.

I can't figure out how to reload rules for tenants; it seems kill -USR2 $(pidof suricata) works only for rules placed in the main suricata.yaml file and not for tenants.

Also, I've tried to use the suricatasc tool and the suricatasc -c 'reload-tenant 2 /etc/suricata/group-2.yaml' command with no success - Suricata running in AF_PACKET mode just falls.

My multi-tenant related config is as follows:

/etc/suricata/suricata.yaml

multi-detect:
  enabled: yes
  selector: vlan
  loaders: 3

  tenants:
  - id: 1
    yaml: group-1.yaml
  - id: 2
    yaml: group-2.yaml
  mappings:
  - vlan-id: 1
    tenant-id: 1
  - vlan-id: 1923
    tenant-id: 2

group-1.yaml and group-2.yaml are in /etc/suricata/ with suricata.yaml

Can someone provide guidelines on how to reload sets of rules for specific tenants? Or is this feature broken?

Regards, Daniel.


Related issues 1 (0 open, 1 closed)

Related to Suricata - Bug #2518: Tenant rules reload completely broken in 4.x.x (Closed, Victor Julien)