<div dir="ltr">Hello,<div> I am testing the "reload-tenant tenant-id tenant.yaml" command through the unix socket, and I could see the "signature processed" message in suricata.log, but I am not getting any response to the "suricatasc -c 'reload-tenant 123 tenant-123.yaml'" command.</div><div><br></div><div>Steps I followed:</div><div>1. After suricata installation, I enabled multi-detect and started suricata in live mode</div><div> </div><div> multi-detect:</div><div> enabled: yes</div><div> selector: vlan</div><div> loaders: 3</div><div><br></div><div> tenants:</div><div> - id: 123</div><div> yaml: tenant-123.yaml</div><div><br></div><div> mappings:</div><div> - vlan-id: 1000</div><div> tenant-id: 123</div><div> </div><div> Command: suricata -i eth0 -c /usr/local/etc/suricata//suricata.yaml -l ~/suricatalog</div><div><br></div><div>2. Unix socket commands as follows:</div><div><div>ubuntu:~$ sudo suricatasc -v</div><div>SND: {"version": "0.1"}</div><div>RCV: {"return": "OK"}</div><div>SND: {"command": "command-list"}</div><div>RCV: {"message": {"count": 20, "commands": ["shutdown", "command-list", "help", "version", "uptime", "running-mode", "capture-mode", "conf-get", "dump-counters", "reload-rules", "register-tenant-handler", "unregister-tenant-handler", "register-tenant", "reload-tenant", "unregister-tenant", "add-hostbit", "remove-hostbit", "list-hostbit", "iface-stat", "iface-list"]}, "return": "OK"}</div><div>Command list: shutdown, command-list, help, version, uptime, running-mode, capture-mode, conf-get, dump-counters, reload-rules, register-tenant-handler, unregister-tenant-handler, register-tenant, reload-tenant, unregister-tenant, add-hostbit, remove-hostbit, list-hostbit, iface-stat, iface-list, quit</div><div>>>> reload-rules</div><div>SND: {"command": "reload-rules"}</div><div>RCV: {"message": "done", "return": "OK"}</div><div>Success:</div><div>"done"</div></div><div><div>>>> reload-tenant
123 tenant-123.yaml
</div><div>SND: {"command": "reload-tenant", "arguments": {"id": 1213, "filename": "/opt/ns/ips/tenant/1213/tenant-1213.yaml"}}</div><div>Invalid return from server: Unable to get message from server</div></div><div><br></div><div>3. suricata.log:</div><div>9/5/2018 -- 05:54:10 - <Info> - prefix multi-detect.123.reload.1</div><div>9/5/2018 -- 05:54:10 - <Info> - Configuration node 'vars' redefined.</div><div>9/5/2018 -- 05:54:10 - <Info> - Configuration node 'default-rule-path' redefined.</div><div>9/5/2018 -- 05:54:10 - <Info> - Configuration node 'rule-files' redefined.</div><div>9/5/2018 -- 05:54:10 - <Info> - Configuration node 'classification-file' redefined.</div><div>9/5/2018 -- 05:54:10 - <Info> - Configuration node 'reference-config-file' redefined.</div><div>9/5/2018 -- 05:54:15 - <Info> - 37 rule files processed. 12650 rules successfully loaded, 0 rules failed</div><div>9/5/2018 -- 05:54:15 - <Info> - Threshold config parsed: 0 rule(s) found</div><div>9/5/2018 -- 05:54:15 - <Info> - 12655 signatures processed. 1170 are IP-only rules, 5225 are inspecting packet payload, 7798 inspect application layer, 0 are decoder event only</div><div> <br></div><div>Am I missing any options that need to be enabled in the conf?</div><div><br></div><div>Appreciate any quick help.</div><div><br></div><div>Thanks,</div><div>-Nageswara Rao</div></div>
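The SND/RCV exchange in the transcript above, as an added example that is not part of the original post and is not Suricata's own tooling: a small Python client that sends the same JSON messages over the unix socket and reports whether a reply arrived, the wait timed out, or the server closed the connection. The socket path, the 120-second timeout and the read-until-it-parses framing are assumptions.

```python
import json
import socket


def recv_json(sock, timeout):
    """Read until the buffered bytes parse as one JSON document.

    Assumed framing: the transcript shows bare JSON objects, so keep reading
    until json.loads() succeeds, the wait times out, or the peer closes.
    """
    sock.settimeout(timeout)
    buf = b""
    while True:
        try:
            chunk = sock.recv(4096)
        except socket.timeout:
            return {"client-status": "timeout", "partial": buf.decode(errors="replace")}
        if not chunk:
            return {"client-status": "closed", "partial": buf.decode(errors="replace")}
        buf += chunk
        try:
            return json.loads(buf.decode())
        except ValueError:  # incomplete JSON so far, keep reading
            continue


def send_command(path, command, arguments=None, timeout=120.0):
    """Do the version handshake, send one command, return the parsed reply."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
        sock.connect(path)
        sock.sendall(json.dumps({"version": "0.1"}).encode())
        hello = recv_json(sock, timeout)
        if hello.get("return") != "OK":
            return hello  # handshake refused, timed out, or connection closed
        msg = {"command": command}
        if arguments:
            msg["arguments"] = arguments
        sock.sendall(json.dumps(msg).encode())
        return recv_json(sock, timeout)


if __name__ == "__main__":
    # Assumed socket path; use the unix-command socket of your installation.
    SOCKET_PATH = "/var/run/suricata/suricata-command.socket"
    args = {"id": 123, "filename": "tenant-123.yaml"}
    print(send_command(SOCKET_PATH, "reload-tenant", args))
```

A result containing `client-status` was produced by this client (no complete reply was read); anything else is the server's own JSON reply.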