Feature #6214
openmulti-tenant: suricatasc command with parity with non-tenant commands for rules
Description
Hi all, I have recently been working with suricata tenants and noticed that we did not have the same set of controls for reloading tenant rules via suricatasc as the main ruleset. Would it be possible to gain the ability to just reload the ruleset for tenants instead of having to reload the entire tenant? If this sounds like a good idea, I can work on a contribution to the project for this.
The commands that I’m interested in mirroring for tenants are the following:
ruleset-reload-rules
Reload the ruleset and wait for completion.
reload-rules
Alias .. describe ruleset-reload-rules.
ruleset-reload-nonblocking
Reload ruleset and proceed without waiting.
ruleset-reload-time
Return time of last reload.
ruleset-stats
Display the number of rules loaded and failed.
ruleset-failed-rules
Display the list of failed rules.
Updated by Jason Ish 26 days ago
- Subject changed from mirror ruleset reload commands for tenants in suricata socket control to tenants: suricatasc command with parity with non-tenant commands for rules
- Target version changed from TBD to 9.0.0-beta1
Seems reasonable for 9.
I'm curious how "reload-tenant"/"reload-tenants" differs from "reload-rules" rules.
A may look at this while also looking at #8095 as all the features here should be addressed by that.
Updated by Jason Ish 26 days ago
- Related to Task #8095: libsuricata: expose API for reloading rulesets added
Updated by Jason Ish 26 days ago
- Related to Feature #8099: multi-tenant: optionally reload tenant rules on SIGUSR2 added