[Oisf-devel] Storing suricata rules in database

Jason Ish lists at unx.ca
Sun Oct 18 16:37:14 UTC 2015


On Fri, Oct 16, 2015 at 6:33 AM, ravin goyal <ravirocks1021 at gmail.com> wrote:
> Hi all, I am working on suricata-2.0.8 and implemented it in IPS mode
> to inspect ssl certificates. I specifically want to inspect ssl
> traffic and, based upon the tls subject field values, we are dropping
> the packets.
> Works pretty well.
>
>
> But I want to link a database with suricata to store rules rather than
> a flat file structure.
> I am going through the source code but I don't know where I should
> begin my journey.
>
> I would appreciate it if you could provide an alternate solution to my
> scenario, if my idea seems pretty broken.

I'd try a simpler approach like a small tool that pulled the rules out
of the database, wrote out the files and then sent Suricata a reload
signal. If using PostgreSQL, have it run in the background, wait for
Postgres notifications, write out the rules files and reload.

I think I'd explore something like that before modifying Suricata.
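An added sketch of the kind of tool described in the reply, written in Python for this page (it is not code from the thread or from the Suricata project). It assumes a hypothetical `rules` table with `sid`, `enabled` and `rule` columns, uses SQLite in place of PostgreSQL so it runs offline, writes the rules file atomically, and sends SIGUSR2, which triggers a live rule reload in Suricata 2.0.x. Each database row is treated as untrusted input and must be exactly one well-formed rule line, so a value containing a newline cannot smuggle extra rules into the generated file. The PostgreSQL LISTEN/NOTIFY loop from the reply is only outlined in a comment.

```python
"""Sync Suricata rules from a database to a rules file, then ask Suricata to reload.

Added example. The table layout, the SQLite stand-in for PostgreSQL, the
pidfile path and the sample rows are all assumptions made for illustration.
"""
import os
import re
import signal
import sqlite3
import tempfile

# Hypothetical schema: one row per rule, with an enable flag and the raw rule text.
SCHEMA = """
CREATE TABLE IF NOT EXISTS rules (
    sid     INTEGER PRIMARY KEY,
    enabled INTEGER NOT NULL DEFAULT 1,
    rule    TEXT    NOT NULL
);
"""

# Constructed sample rows; the third one is deliberately malformed (two rules in
# one value) to show why database content is validated before it is written out.
SAMPLE_ROWS = [
    (1000001, 1, 'drop tls any any -> any any (msg:"TLS subject blocked"; '
                 'tls.subject:"CN=bad.example"; sid:1000001; rev:1;)'),
    (1000002, 0, 'alert tls any any -> any any (msg:"disabled rule"; sid:1000002; rev:1;)'),
    (1000003, 1, 'alert tcp any any -> any any (msg:"smuggled"; sid:1000003;)\n'
                 'alert ip any any -> any any (sid:9999999;)'),
]

ACTIONS = ("alert", "drop", "pass", "reject", "rejectsrc", "rejectdst", "rejectboth")
# action proto src sport (-> | <>) dst dport (options)
RULE_RE = re.compile(r"^(?:%s)\s+\S+\s+\S+\s+\S+\s+(?:->|<>)\s+\S+\s+\S+\s+\(.*\)$"
                     % "|".join(ACTIONS))


def validate_rule(text):
    """True only if `text` is a single well-formed rule line (DB rows are untrusted)."""
    if "\n" in text or "\r" in text:
        return False  # a multi-line value would inject additional rules into the file
    return bool(RULE_RE.match(text.strip()))


def fetch_rules(conn):
    """Return (valid rule lines, sids of rejected rows) for all enabled rules."""
    good, rejected = [], []
    for sid, rule in conn.execute("SELECT sid, rule FROM rules WHERE enabled = 1 ORDER BY sid"):
        if validate_rule(rule):
            good.append(rule.strip())
        else:
            rejected.append(sid)
    return good, rejected


def render_rules(rules):
    """Render the rules as file content: a header line, then one rule per line."""
    return "# generated from database; do not edit by hand\n" + "".join(r + "\n" for r in rules)


def write_rules_file(path, content):
    """Write via temp file + rename so a reload never reads a half-written file."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".rules-")
    try:
        with os.fdopen(fd, "w") as f:
            f.write(content)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, path)
    except Exception:
        os.unlink(tmp)
        raise


def reload_suricata(pidfile, send=os.kill):
    """Send SIGUSR2 (live rule reload in Suricata 2.0.x) to the pid from `pidfile`."""
    with open(pidfile) as f:
        pid = int(f.read().strip())
    send(pid, signal.SIGUSR2)
    return pid


def sync(conn, rules_path, pidfile, send=os.kill):
    """One sync pass: fetch, validate, write atomically, signal reload.

    With PostgreSQL this would sit in a loop: LISTEN on a channel, block until a
    trigger on the rules table issues NOTIFY, then call sync() again.
    """
    rules, rejected = fetch_rules(conn)
    write_rules_file(rules_path, render_rules(rules))
    pid = reload_suricata(pidfile, send)
    return len(rules), rejected, pid


def demo(workdir=None):
    """Run one sync against the constructed rows with a fake signal sender."""
    workdir = workdir or tempfile.mkdtemp()
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO rules VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    rules_path = os.path.join(workdir, "db.rules")
    pidfile = os.path.join(workdir, "suricata.pid")
    with open(pidfile, "w") as f:
        f.write("12345\n")  # constructed pid; a real run reads Suricata's own pidfile
    sent = []
    count, rejected, pid = sync(conn, rules_path, pidfile, send=lambda p, s: sent.append((p, s)))
    with open(rules_path) as f:
        content = f.read()
    return {"count": count, "rejected": rejected, "pid": pid, "signals": sent, "content": content}


if __name__ == "__main__":
    print(demo())
```

Rejected sids should be logged and alerted on rather than silently dropped: a row that fails validation either means a data-entry error or that someone with write access to the table tried to push rules that were not reviewed. Point `rules_path` at a file listed under `rule-files:` in suricata.yaml, and run the tool under an account that can write that file and signal the Suricata process but nothing more.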


