Feature #5209: Add "status" mode to Suricata's socket command interface - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #5209

open

Add "status" mode to Suricata's socket command interface

Added by Jeff Lucovsky over 2 years ago. Updated over 2 years ago.

Status:

New

Priority:

Normal

Assignee:

Community Ticket

Target version:

TBD

Effort:

Difficulty:

Label:

Description

Add a status command to Suricata's socket interface that
- Is always available (when appropriate) even if Suricata is performing the initial rule load
- Returns brief status information including Suricata's "stage"

Example showing how this might look:

>>> status
Success:
"Suricata loading rules" 
>>> status
Success:
"Suricata running"

Additional information could be provided such as uptime, and the running and capture mode:

>>> status
Success:
"Suricata loading rules" 
>>> status
Success:
"Suricata running,433,AF_PACKET_DEV,workers"

Having an always available status command means that Suricata will start the US thread earlier in its startup. This will allow enterprise monitoring to retrieve Suricata's status always, instead of only after initial rule loading and eliminates a "blackout period" during initial rule load.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #5209

Add "status" mode to Suricata's socket command interface

Updated by Victor Julien over 2 years ago