[Oisf-devel] Storing suricata rules in database

ravin goyal ravirocks1021 at gmail.com
Sun Oct 18 18:33:02 UTC 2015

On 18-Oct-2015 10:07 PM, "Jason Ish" <lists at unx.ca> wrote:
> On Fri, Oct 16, 2015 at 6:33 AM, ravin goyal <ravirocks1021 at gmail.com>
> > Hii all, I am working on suricata-2.0.8 and implemented it in IPS mode
> > to inspect ssl certificate , I am specifically want to inspect ssl
> > traffic and based upon the   tls subject field values, we are dropping
> > the packets.
> > Works pretty well
> >
> >
> > But I want to link database with suricata to store rules rather than
> > flat file structure.
> > I am going through the source code but I don't know where should I
> > begin my journey.
> >
> > I would appreciate if you provide an alternate solution to my
> > scenario, if my idea seems pretty broken.
> I'd try a simpler approach like a small tool that pulled the rules out
> of the database, wrote out the files and then sent Suricata a reload
> signal. If using PostgreSQL, have it run in the background, wait for
> Postgres notifications, write out the rules files and reload.
> I think I'd explore something like that before modifying Suricata.

Thanks jason , I would try out it first as you have suggest, but my concern
is related to real time performance issues with flat file structure.
I want to eliminate the concept of file in it
As database keep on updating (with each read write operation) ,suricata
behaves accordingly( dropping packets as per the rules).
Wouldn't it be much simpler??

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20151019/7a275b4f/attachment-0002.html>

More information about the Oisf-devel mailing list