Feature #5014: Enable suricatasc to use configured command socket by default - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #5014

open

Enable suricatasc to use configured command socket by default

Added by Darren Spruell almost 3 years ago. Updated 4 months ago.

Status:

New

Priority:

Normal

Assignee:

OISF Dev

Target version:

TBD

Effort:

Difficulty:

Label:

Description

Info:
- Debian GNU/Linux 11 (bullseye)
- Linux sensor-1 5.10.0-10-amd64 #1 SMP Debian 5.10.84-1 (2021-12-08) x86_64 GNU/Linux
- Python 3.9.2
- Suricata version 6.0.1 RELEASE (Debian package: suricata 1:6.0.1-3)

suricatasc appears to use a default socket path and fails to connect to the command socket when Suricata's has been customized, requiring the user to provide the socket path at runtime.

# suricata --dump-config |grep unix-command
unix-command = (null)
unix-command.enabled = yes
unix-command.filename = /var/run/suricata/suricata-command.socket

# suricatasc -c uptime
Unable to connect to socket /var/run/suricata-command.socket: [Errno 2] No such file or directory

# suricatasc -c uptime /var/run/suricata/suricata-command.socket
{"message": 311082, "return": "OK"}

Would it be possible to have suricatasc use the configured socket path from suricata.yaml or autoconfigure for it in some way? If not, could it read the socket path from an environment variable? It would be convenient to not have to specify a custom socket path.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #5014

Enable suricatasc to use configured command socket by default

Updated by Philippe Antoine 4 months ago