Feature #1956
openAdd option to re-initialise Lua output scripts
Description
It would be useful to be able to re-initialise Lua output scripts without restarting Suricata; for example when adding known cryptographic keys to a malware traffic decoding script, or adding a new output.
It would also be nice to be able to cycle Lua output logs in the same way as the main ones
Updated by Victor Julien almost 8 years ago
- Status changed from New to Assigned
- Assignee set to Jason Ish
- Target version set to TBD
This could perhaps be done by honouring the rotation flag so that a HUP will reinit the script(s).
Updated by Jason Ish over 7 years ago
There are 2 things here, the first being able to reload the output scripts which fits better with SIGUSR2.
The log rotation could probably be done by registering a flag or something? The Lua script would be in charge of actually doing the rotation right? As it manages the file, but at least it could get notification that rotation was requested.
Updated by Victor Julien over 5 years ago
- Assignee changed from Jason Ish to Community Ticket
- Priority changed from Low to Normal
- Effort set to medium
- Difficulty set to medium
Updated by Victor Julien about 5 years ago
Agree with Jason. Not sure on what the mechanics should look like. The 'reinit' could simply call deinit followed by init. Or maybe a 'reinit' if it is present. The rotation should probably be separate function the script defined. Just 'rotate' probably?