Feature #4149

open

Research: Dynamic datasets

Added by Jeff Lucovsky over 3 years ago. Updated over 3 years ago.

Status: Feedback
Priority: Normal

Description

Chris G Nov 12th at 11:23 AM
We are not using datasets yet in production, but one big issue is our datasets are constantly changing and managing static files and Suricata reloads is a pain. What about tying a dataset to a Redis keyspace? Much easier to dynamically swap out data there.

2 replies

Andreas Herz 1 day ago
Can you elaborate a bit more why it's a pain?
Not to say that using something like Redis might be worth looking into; right now it's only used for logging output.

Chris G 1 day ago
Missed this one. Mostly because we already want that data in a place where other applications can easily access it and not worry about keeping it in sync. Also, if I understand it correctly, we basically want to use dynamic sets exclusively and have them persist across restarts/reloads.


Related issues 1 (1 open, 0 closed)

Related to Suricata - Task #4097: Suricon 2020 brainstorm (Assigned, Victor Julien)

#1

Updated by Jeff Lucovsky over 3 years ago

  • Related to Task #4097: Suricon 2020 brainstorm added
#2

Updated by Victor Julien over 3 years ago

  • Status changed from New to Feedback
  • Assignee set to Community Ticket
  • Target version set to TBD

Datasets are persistent (a Suricata restart will save/load). Data can be added and removed through the unix socket interface. What else is needed? I think that, using extra tooling, the bridge with Redis could be made.
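A sketch of the planning half of such a bridge, added here as an example and not code from the Suricata project or from anyone in this thread: it diffs the set the external store wants against what was last pushed and builds the `dataset-add` / `dataset-remove` unix socket messages, validating each entry first. The dataset name, the sample values and the idea of feeding `desired` from a Redis set are assumptions; the argument names follow what `suricatasc` sends.

```python
import base64
import ipaddress
import json
import re

HEX_LEN = {"md5": 32, "sha256": 64}

def encode_value(settype, value):
    """Validate one entry and return it in the serialized form the socket expects."""
    if settype == "string":
        # string datasets carry base64-encoded entries, as in dataset files
        return base64.b64encode(value.encode()).decode()
    if settype in HEX_LEN:
        if not re.fullmatch(r"[0-9a-fA-F]{%d}" % HEX_LEN[settype], value):
            raise ValueError(f"not a {settype} hash: {value!r}")
        return value.lower()
    if settype == "ipv4":
        # raises a ValueError subclass on malformed input
        return str(ipaddress.IPv4Address(value))
    raise ValueError(f"unsupported dataset type: {settype}")

def plan_sync(setname, settype, desired, loaded):
    """Return the socket messages that turn `loaded` into `desired`."""
    msgs = []
    for cmd, values in (("dataset-add", desired - loaded),
                        ("dataset-remove", loaded - desired)):
        for v in sorted(values):
            msgs.append({
                "command": cmd,
                "arguments": {"setname": setname, "settype": settype,
                              "datavalue": encode_value(settype, v)},
            })
    return msgs

# Constructed sample data. In a real bridge `desired` would be read from the
# external store (for example the members of a Redis set, an assumption here)
# and `loaded` would be the state the bridge pushed on its previous run.
DESIRED = {"bad.example", "evil.example"}
LOADED = {"bad.example", "old.example"}

if __name__ == "__main__":
    for msg in plan_sync("dns-block", "string", DESIRED, LOADED):
        print(json.dumps(msg))
```

Each message would then be written to the Suricata command socket, or the same operations issued through `suricatasc`; validating before sending keeps malformed entries in the shared store from reaching the sensor.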
