Feature #6214

open

multi-tenant: suricatasc command with parity with non-tenant commands for rules

Added by Jonathan Perkins over 2 years ago. Updated 26 days ago.

Status: New
Priority: Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

Hi all, I have recently been working with Suricata tenants and noticed that we did not have the same set of controls for reloading tenant rules via suricatasc as the main ruleset. Would it be possible to gain the ability to just reload the ruleset for tenants instead of having to reload the entire tenant? If this sounds like a good idea, I can work on a contribution to the project for this.

The commands that I’m interested in mirroring for tenants are the following:
ruleset-reload-rules
Reload the ruleset and wait for completion.

reload-rules
Alias for ruleset-reload-rules.

ruleset-reload-nonblocking
Reload ruleset and proceed without waiting.

ruleset-reload-time
Return time of last reload.

ruleset-stats
Display the number of rules loaded and failed.

ruleset-failed-rules
Display the list of failed rules.


Related issues 2 (2 open, 0 closed)

Related to Suricata - Task #8095: libsuricata: expose API for reloading rulesets (Assigned, Jason Ish)
Related to Suricata - Feature #8099: multi-tenant: optionally reload tenant rules on SIGUSR2 (New, OISF Dev)