[Oisf-users] JSON / Unix Domain Socket

Victor Julien lists at inliniac.net
Wed Mar 13 08:20:35 UTC 2013

On 03/12/2013 06:43 PM, Dan Murphy wrote:
> A couple questions on these.
> 1.)  Why was a unix domain socket chosen instead of just binding to a
> port on the host which would  potentially allow me to programmatically
> interact with many suricata instances / nodes from a central location.
>  It would be useful to be able to set a TCP port that suricata could
> bind to.

This way we can have interactive handling w/o having to worry about
things like encryption, access controls, etc.

A TCP implementation can be build externally and interact with the unix

> 2.)  Has anyone requested or discussed extending the current
> functionality to having the ability to inject signatures and load them
> via the JSON / socket interface?  

Might be interesting to do.

> Also worth noting...  in 1.4 it seems the configure script ( maybe just
> the help? ) needs to be updated to be able to ./configure
> --enable-unixsocket or something similar.  I had to manually enable it
> in the configure.ac <http://configure.ac> to build it.

It should automatically enable it if libjansson is available. If it
doesn't, there may be some bug :)

Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc

More information about the Oisf-users mailing list