[Oisf-users] JSON / Unix Domain Socket
Victor Julien
lists at inliniac.net
Wed Mar 13 08:20:35 UTC 2013
On 03/12/2013 06:43 PM, Dan Murphy wrote:
> A couple questions on these.
>
> 1.) Why was a unix domain socket chosen instead of just binding to a
> port on the host which would potentially allow me to programmatically
> interact with many suricata instances / nodes from a central location.
> It would be useful to be able to set a TCP port that suricata could
> bind to.
This way we can have interactive handling w/o having to worry about
things like encryption, access controls, etc.
A TCP implementation can be build externally and interact with the unix
socket.
> 2.) Has anyone requested or discussed extending the current
> functionality to having the ability to inject signatures and load them
> via the JSON / socket interface?
Might be interesting to do.
> Also worth noting... in 1.4 it seems the configure script ( maybe just
> the help? ) needs to be updated to be able to ./configure
> --enable-unixsocket or something similar. I had to manually enable it
> in the configure.ac <http://configure.ac> to build it.
It should automatically enable it if libjansson is available. If it
doesn't, there may be some bug :)
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list