Project

General

Profile

Feature #2681

Reloading of categories file, IP reputation list during rule live reload

Added by Dan Wallmeyer 5 months ago.

Status:
New
Priority:
Normal
Assignee:
Target version:
-
Effort:
Difficulty:
Label:

Description

I first brought this up at the Advanced Suricata Training in Vancouver. Currently when a live rule reload is performed (SIGUSR2), only the rule file is reloaded.

If there are rules that are a part of a new category, the live reload does not reload the categories file and rules fail.
My current work around is to fully restart Suricata, which works but is not ideal.

Ideally the live reload would also reload the categories file.
Additionally I believe that any file needed by signatures such as the ip reputation list and references definition/config file should also be reloaded as they could be referenced by new rules.

If you need more info or feedback please let me know.

Thanks,
Dan

Also available in: Atom PDF