[Oisf-users] JSON / Unix Domain Socket

Heřbolt, Lukáš lukas.herbolt at etnetera.cz
Wed Mar 13 08:28:06 UTC 2013


Hi,
"1)" is interesting functionality for me. Is there any option to
inspect only packets with some specific port?
In our scenario we have HTTP dynamic content on port 80, and static content
is served on port 8080.
So we don't need to inspect every JPEG or PNG.

Thx
Lukas

On 13 March 2013 09:20, Victor Julien <lists at inliniac.net> wrote:

> On 03/12/2013 06:43 PM, Dan Murphy wrote:
> > A couple questions on these.
> >
> > 1.)  Why was a unix domain socket chosen instead of just binding to a
> > port on the host which would  potentially allow me to programmatically
> > interact with many suricata instances / nodes from a central location.
> >  It would be useful to be able to set a TCP port that suricata could
> > bind to.
>
> This way we can have interactive handling w/o having to worry about
> things like encryption, access controls, etc.
>
> A TCP implementation can be built externally and interact with the unix
> socket.
>
> > 2.)  Has anyone requested or discussed extending the current
> > functionality to having the ability to inject signatures and load them
> > via the JSON / socket interface?
>
> Might be interesting to do.
>
> > Also worth noting...  in 1.4 it seems the configure script ( maybe just
> > the help? ) needs to be updated to be able to ./configure
> > --enable-unixsocket or something similar.  I had to manually enable it
> > in the configure.ac to build it.
>
> It should automatically enable it if libjansson is available. If it
> doesn't, there may be some bug :)
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/
>



-- 
Lukáš Heřbolt
Linux Administrator

ET NETERA | smart e-business
[a] Milady Horákové 108, 160 00 Praha 6
[t] +420 725 267 158 [i] www.etnetera.cz
~
[www.ifortuna.cz  | www.o2.cz    | www.datart.cz ]
[www.skodaplus.cz | www.nivea.cz | www.allianz.cz]


Created by ET NETERA | Powered by jNetPublish
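
The point quoted above, that a Unix domain socket gives interactive handling without separate encryption or access-control work, shown as an added example (not code from this thread or from Suricata): the socket file's mode and the kernel-reported peer UID do the access control. It is Linux-only (SO_PEERCRED); the socket name `ctl.socket` and the JSON message shapes are constructed for illustration.

```python
import json, os, socket, struct, tempfile, threading

def peer_uid(conn):
    # Linux SO_PEERCRED: the kernel reports the connecting process's pid/uid/gid.
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("iII"))
    _pid, uid, _gid = struct.unpack("iII", raw)
    return uid

def serve_once(path, allowed_uids, ready):
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old = os.umask(0o177)          # socket file is created with mode 0600
    try:
        srv.bind(path)
    finally:
        os.umask(old)
    srv.listen(1)
    ready.set()
    conn, _ = srv.accept()
    with srv, conn:
        req = json.loads(conn.recv(4096).decode())
        if peer_uid(conn) in allowed_uids:
            reply = {"return": "OK", "message": "accepted " + req["command"]}
        else:
            reply = {"return": "NOK", "message": "uid not allowed"}
        conn.sendall(json.dumps(reply).encode())

def demo(allow_self):
    # Run one request against a throwaway socket; returns (file mode, reply).
    allowed = {os.getuid()} if allow_self else set()
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "ctl.socket")   # hypothetical socket name
        ready = threading.Event()
        t = threading.Thread(target=serve_once, args=(path, allowed, ready))
        t.start()
        ready.wait()
        mode = os.stat(path).st_mode & 0o777
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as cli:
            cli.connect(path)
            cli.sendall(json.dumps({"command": "uptime"}).encode())
            reply = json.loads(cli.recv(4096).decode())
        t.join()
        return mode, reply

if __name__ == "__main__":
    print(demo(True))
    print(demo(False))
```

A TCP listener has neither property: any host that can reach the port can connect, so authentication and transport encryption have to be built on top.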