[Oisf-users] JSON / Unix Domain Socket

Victor Julien lists at inliniac.net
Wed Mar 13 08:32:04 UTC 2013


On 03/13/2013 09:28 AM, Heřbolt, Lukáš wrote:
> Hi,
> "1)" is interesting functionality for me; is there any option to
> inspect only packets with some specific port.
> In our scenario we have http dynamic content on port 80 and static
> content is served on port 8080.
> So we don't need to inspect every JPEG or PNG.

This TCP daemon would not be used to process actual packets suricata
inspects. It would be used to interact with suri's cfg, status,
counters, etc.

Cheers,
Victor

> 
> Thx
> Lukas 
> 
> On 13 March 2013 09:20, Victor Julien <lists at inliniac.net> wrote:
> 
>     On 03/12/2013 06:43 PM, Dan Murphy wrote:
>     > A couple questions on these.
>     >
>     > 1.)  Why was a unix domain socket chosen instead of just binding to a
>     > port on the host which would  potentially allow me to programmatically
>     > interact with many suricata instances / nodes from a central location.
>     >  It would be useful to be able to set a TCP port that suricata could
>     > bind to.
> 
>     This way we can have interactive handling w/o having to worry about
>     things like encryption, access controls, etc.
> 
>     A TCP implementation can be built externally and interact with the unix
>     socket.
> 
>     > 2.)  Has anyone requested or discussed extending the current
>     > functionality to having the ability to inject signatures and load them
>     > via the JSON / socket interface?
> 
>     Might be interesting to do.
> 
>     > Also worth noting...  in 1.4 it seems the configure script (maybe
>     > just the help?) needs to be updated to be able to ./configure
>     > --enable-unixsocket or something similar.  I had to manually enable it
>     > in the configure.ac to build it.
> 
>     It should automatically enable it if libjansson is available. If it
>     doesn't, there may be some bug :)
> 
>     --
>     ---------------------------------------------
>     Victor Julien
>     http://www.inliniac.net/
>     PGP: http://www.inliniac.net/victorjulien.asc
>     ---------------------------------------------
> 
>     _______________________________________________
>     Suricata IDS Users mailing list:
>     oisf-users at openinfosecfoundation.org
>     <mailto:oisf-users at openinfosecfoundation.org>
>     Site: http://suricata-ids.org | Support:
>     http://suricata-ids.org/support/
>     List:
>     https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>     OISF: http://www.openinfosecfoundation.org/
> 
> 
> 
> 
> -- 
> Lukáš Heřbolt
> Linux Administrator
> 
> ET NETERA | smart e-business
> [a] Milady Horákové 108, 160 00 Praha 6
> [t] +420 725 267 158 [i] www.etnetera.cz <http://www.etnetera.cz> 


-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
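As an added illustration of the control channel discussed above (example code, not from the thread or from the Suricata project): a small Python client that performs the version handshake and issues one command over the JSON socket, paired with a constructed stand-in for the daemon so the exchange runs offline. The "0.1" version string, the bare-JSON framing and the `uptime` reply shape are assumptions based on the behaviour of the suricatasc client, not on this page; `mode_is_private` reflects Victor's point that on a unix socket the filesystem mode is the access control, which any external TCP wrapper would have to replace with its own.

```python
import json, os, socket, stat, threading
PROTO_VERSION = "0.1"  # assumption: version string exchanged at connect time

def mode_is_private(mode):
    # Filesystem mode is the access control on a unix socket (connect() needs
    # write permission): pass os.stat(path).st_mode and refuse world-reachable ones.
    return mode & stat.S_IRWXO == 0

def send_json(conn, obj):
    conn.sendall(json.dumps(obj).encode())

def recv_json(conn):
    # Replies are bare JSON objects, not newline-delimited: read until one parses.
    data = b""
    while True:
        chunk = conn.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed connection")
        data += chunk
        try:
            return json.loads(data.decode())
        except ValueError:
            continue

def run_command(conn, command):
    # Version handshake first, then a single command; returns the reply dict.
    send_json(conn, {"version": PROTO_VERSION})
    hello = recv_json(conn)
    if hello.get("return") != "OK":
        raise RuntimeError(f"handshake rejected: {hello}")
    send_json(conn, {"command": command})
    return recv_json(conn)

def fake_suricata(conn):
    # Constructed stand-in for the daemon so the exchange can run offline.
    if recv_json(conn).get("version") != PROTO_VERSION:
        return send_json(conn, {"return": "NOK", "message": "version mismatch"})
    send_json(conn, {"return": "OK"})
    cmd = recv_json(conn).get("command")
    if cmd == "uptime":
        send_json(conn, {"return": "OK", "message": 3600})
    else:
        send_json(conn, {"return": "NOK", "message": "Unknown command"})

def demo(command="uptime"):
    client, server = socket.socketpair()
    t = threading.Thread(target=fake_suricata, args=(server,))
    t.start()
    reply = run_command(client, command)
    t.join()
    return reply
```

Against a real daemon, replace the socketpair with `socket.socket(socket.AF_UNIX)` connected to the socket path after checking `mode_is_private(os.stat(path).st_mode)`.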
