Feature #5209

open

Add "status" mode to Suricata's socket command interface

Added by Jeff Lucovsky 6 months ago. Updated 6 months ago.

Status:
New
Priority:
Normal
Target version:
Effort:
Difficulty:
Label:

Description

Add a status command to Suricata's socket interface that
- Is always available (when appropriate) even if Suricata is performing the initial rule load
- Returns brief status information including Suricata's "stage"

Example showing how this might look:

>>> status
Success:
"Suricata loading rules" 
>>> status
Success:
"Suricata running" 

Additional information could be provided such as uptime, and the running and capture mode:

>>> status
Success:
"Suricata loading rules" 
>>> status
Success:
"Suricata running,433,AF_PACKET_DEV,workers" 

Having an always-available status command means that Suricata will start the US thread earlier in its startup. This will allow enterprise monitoring to always retrieve Suricata's status, instead of only after initial rule loading, and eliminates a "blackout period" during initial rule load.
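Added example, not code from the ticket or from the Suricata project: a small monitoring client for the proposed status command, run against a constructed mock of the unix command socket so it works offline. The version handshake ({"version": "0.1"} answered by {"return": "OK"}) and the {"command": ...} / {"return": ..., "message": ...} message shape are those spoken by suricatasc; the "status" command itself, its stage strings and the comma-separated uptime/capture/runmode fields are taken from the proposal above and do not exist in a released Suricata. The field names used by parse_status, the socket path under a temp directory (the real default is /var/run/suricata/suricata-command.socket) and the mock's handling of unknown commands are assumptions made for the example. The client treats a missing or refusing socket as a transient "unavailable" reading instead of an error, which is how a monitor has to behave during the blackout period the ticket describes.

```python
import json
import os
import socket
import tempfile
import threading
import time

# Constructed stages in the format this ticket proposes:
# stage, then optional uptime, capture mode and running mode.
STAGES = ["Suricata loading rules", "Suricata running,433,AF_PACKET_DEV,workers"]


class MockSuricataSocket:
    """Stand-in for Suricata's unix command socket (constructed for this
    example). Each recv() is treated as one JSON message."""

    def __init__(self, path, stages):
        self.path = path
        self.stages = list(stages)
        self.running = True
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.bind(path)
        self.sock.listen(4)
        self.sock.settimeout(0.1)  # lets the accept loop notice stop()
        self.thread = threading.Thread(target=self._serve, daemon=True)
        self.thread.start()

    def _serve(self):
        while self.running:
            try:
                conn, _ = self.sock.accept()
            except socket.timeout:
                continue
            except OSError:
                return
            with conn:
                try:
                    self._session(conn)
                except (OSError, ValueError):
                    pass  # client went away or sent garbage; drop the session

    def _session(self, conn):
        conn.settimeout(2.0)
        # Version handshake as spoken by suricatasc.
        hello = json.loads(conn.recv(4096).decode())
        if hello.get("version") != "0.1":
            conn.sendall(json.dumps({"return": "NOK"}).encode())
            return
        conn.sendall(json.dumps({"return": "OK"}).encode())
        req = json.loads(conn.recv(4096).decode())
        if req.get("command") != "status":
            reply = {"return": "NOK", "message": "Unknown command"}  # assumed text
        else:
            # Advance through the stages; stay on the last one once reached.
            stage = self.stages.pop(0) if len(self.stages) > 1 else self.stages[0]
            reply = {"return": "OK", "message": stage}
        conn.sendall(json.dumps(reply).encode())

    def stop(self):
        self.running = False
        self.thread.join()
        self.sock.close()
        os.unlink(self.path)


def send_command(path, command):
    """One round trip: connect, handshake, send a command, return the decoded
    reply. Raises OSError while the socket is absent or refusing, which is
    the blackout period this ticket wants to remove."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(2.0)
        s.connect(path)
        s.sendall(json.dumps({"version": "0.1"}).encode())
        if json.loads(s.recv(4096).decode()).get("return") != "OK":
            raise RuntimeError("version handshake rejected")
        s.sendall(json.dumps({"command": command}).encode())
        return json.loads(s.recv(65536).decode())


def parse_status(message):
    """Split the proposed comma-separated status message into fields.
    Names other than "stage" are assumed from the ticket's example."""
    info = dict(zip(["stage", "uptime", "capture", "runmode"], message.split(",")))
    if "uptime" in info:
        info["uptime"] = int(info["uptime"])
    return info


def poll_status(path, attempts, interval=0.05):
    """Poll until a running stage is reported. A missing or refusing socket is
    recorded as "unavailable" and polling continues, so the monitor survives
    the startup window instead of failing on the first attempt."""
    seen = []
    for _ in range(attempts):
        try:
            reply = send_command(path, "status")
            if reply.get("return") != "OK":
                raise RuntimeError(reply.get("message"))
            stage = parse_status(reply["message"])["stage"]
            seen.append(stage)
            if stage == "Suricata running":
                break
        except OSError:
            seen.append("unavailable")
        time.sleep(interval)
    return seen


def demo():
    """Poll before the socket exists (today's blackout), then against the mock
    as it moves from rule loading to running; returns the observed stages."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "suricata-command.socket")  # assumed path
    before = poll_status(path, attempts=2)
    server = MockSuricataSocket(path, STAGES)
    try:
        during = poll_status(path, attempts=5)
    finally:
        server.stop()
        os.rmdir(workdir)
    return before + during


if __name__ == "__main__":
    print(demo())
```

Running the block prints the stage sequence the monitor observed: two "unavailable" readings while no socket existed, then "Suricata loading rules", then "Suricata running". Pointing send_command at a real socket path only works once the command is implemented; until then a live Suricata answers the "status" request with a NOK reply, which poll_status surfaces as a RuntimeError rather than hiding it as "unavailable".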
