Bug #3476: datasets: Dataset not working in unix socket mode - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #3476

closed

Task #3759: datasets: finalize to move out of 'experimental'

datasets: Dataset not working in unix socket mode

Added by Eric Leblond about 4 years ago. Updated over 3 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Shivani Bhardwaj

Target version:

6.0.0beta1

Affected Versions:

5.0.3

Effort:

Difficulty:

Label:

Description

Dataset is not working in unix-socket mode. When a dataset (let's say ua) is defined in the yaml and when a rule is using the dataset (like doing dataset:set,ua), then Suricata fails loading when running in unix socket mode.

The reason is that DatasetsInit is called in the PreRunInit function that is called when pcap processing start. Thus at detection engine build time, the dataset is not yet defined and the rule fails to load.

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #3476

datasets: Dataset not working in unix socket mode

Updated by Victor Julien almost 4 years ago

Updated by Victor Julien almost 4 years ago

Updated by Victor Julien almost 4 years ago

Updated by Victor Julien almost 4 years ago

Updated by Shivani Bhardwaj over 3 years ago

Updated by Shivani Bhardwaj over 3 years ago