[Oisf-users] Suricata unix socket command 'reload-tenant' - no response (Unable to get message from server)

A V K NAGESWARA RAO avknagu at gmail.com
Wed May 9 13:22:11 UTC 2018


Hello,
   I am testing the "reload-tenant tenant-id tenant.yaml" command through the unix
socket. I can see the "signatures processed" message in suricata.log, but I am
not getting any response to the "suricatasc -c 'reload-tenant 123
tenant-123.yaml'" command.

Steps I followed:
1. After installing Suricata, I enabled multi-detect and started Suricata
in live mode:

    multi-detect:
      enabled: yes
      selector: vlan
      loaders: 3

      tenants:
      - id: 123
        yaml: tenant-123.yaml

      mappings:
      - vlan-id: 1000
        tenant-id: 123

 Command: suricata -i eth0 -c /usr/local/etc/suricata//suricata.yaml -l
~/suricatalog

2. Unix socket commands as follows:
ubuntu:~$ sudo suricatasc -v
SND: {"version": "0.1"}
RCV: {"return": "OK"}
SND: {"command": "command-list"}
RCV: {"message": {"count": 20, "commands": ["shutdown", "command-list",
"help", "version", "uptime", "running-mode", "capture-mode", "conf-get",
"dump-counters", "reload-rules", "register-tenant-handler",
"unregister-tenant-handler", "register-tenant", "reload-tenant",
"unregister-tenant", "add-hostbit", "remove-hostbit", "list-hostbit",
"iface-stat", "iface-list"]}, "return": "OK"}
Command list: shutdown, command-list, help, version, uptime, running-mode,
capture-mode, conf-get, dump-counters, reload-rules,
register-tenant-handler, unregister-tenant-handler, register-tenant,
reload-tenant, unregister-tenant, add-hostbit, remove-hostbit,
list-hostbit, iface-stat, iface-list, quit
>>> reload-rules
SND: {"command": "reload-rules"}
RCV: {"message": "done", "return": "OK"}
Success:
"done"
>>> reload-tenant 123 tenant-123.yaml
SND: {"command": "reload-tenant", "arguments": {"id": 1213, "filename":
"/opt/ns/ips/tenant/1213/tenant-1213.yaml"}}
Invalid return from server: Unable to get message from server

3. suricata.log:
9/5/2018 -- 05:54:10 - <Info> - prefix multi-detect.123.reload.1
9/5/2018 -- 05:54:10 - <Info> - Configuration node 'vars' redefined.
9/5/2018 -- 05:54:10 - <Info> - Configuration node 'default-rule-path'
redefined.
9/5/2018 -- 05:54:10 - <Info> - Configuration node 'rule-files' redefined.
9/5/2018 -- 05:54:10 - <Info> - Configuration node 'classification-file'
redefined.
9/5/2018 -- 05:54:10 - <Info> - Configuration node 'reference-config-file'
redefined.
9/5/2018 -- 05:54:15 - <Info> - 37 rule files processed. 12650 rules
successfully loaded, 0 rules failed
9/5/2018 -- 05:54:15 - <Info> - Threshold config parsed: 0 rule(s) found
9/5/2018 -- 05:54:15 - <Info> - 12655 signatures processed. 1170 are
IP-only rules, 5225 are inspecting packet payload, 7798 inspect application
layer, 0 are decoder event only

Am I missing any options that need to be enabled in the conf?

Appreciate any quick help.

Thanks,
-Nageswara Rao
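Added example, not from the post and not Suricata's own suricatasc code: a minimal Python client for the unix-socket protocol shown above (the {"version": "0.1"} handshake, then one JSON object per command, with reload-tenant's integer "id" and "filename" arguments). It reads replies the way the session transcript implies, accumulating until a complete JSON object arrives, and turns a timeout or a closed connection into an explicit error instead of a bare "Unable to get message from server". The socket path and the 120-second timeout are assumptions; the log above shows a tenant reload taking several seconds, so the default 30 seconds may be too short for large rule sets.

```python
"""Minimal Suricata unix-socket command client (example, not suricatasc itself)."""
import json
import socket

# Assumed default path; set to the unix-command.filename from your suricata.yaml.
DEFAULT_SOCKET = "/var/run/suricata/suricata-command.socket"


class SuricataSocketError(Exception):
    """Raised when the server does not answer, or answers with an error."""


def build_command(command, arguments=None):
    """Serialise a command the way the SND: lines in the transcript show it."""
    msg = {"command": command}
    if arguments:
        msg["arguments"] = arguments
    return json.dumps(msg)


def recv_message(sock, timeout=120.0):
    """Read one JSON reply; keep reading while the buffer is still partial JSON."""
    sock.settimeout(timeout)
    buf = b""
    while True:
        try:
            chunk = sock.recv(4096)
        except socket.timeout:
            raise SuricataSocketError("Unable to get message from server: timed out")
        if not chunk:
            raise SuricataSocketError("Unable to get message from server: connection closed")
        buf += chunk
        try:
            return json.loads(buf.decode())
        except ValueError:
            continue  # partial object so far, keep reading


def send_command(sock, command, arguments=None, timeout=120.0):
    """Send one command and return its 'message' field, raising on return != OK."""
    sock.sendall(build_command(command, arguments).encode())
    reply = recv_message(sock, timeout)
    if reply.get("return") != "OK":
        raise SuricataSocketError(str(reply.get("message", "command failed")))
    return reply.get("message")


def connect(path=DEFAULT_SOCKET):
    """Open the socket and perform the version handshake seen at the top of the session."""
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    sock.connect(path)
    sock.sendall(json.dumps({"version": "0.1"}).encode())
    if recv_message(sock).get("return") != "OK":
        raise SuricataSocketError("version handshake refused by server")
    return sock


def reload_tenant(sock, tenant_id, yaml_path, timeout=120.0):
    """reload-tenant takes an integer id and the tenant YAML filename."""
    return send_command(sock, "reload-tenant",
                        {"id": int(tenant_id), "filename": yaml_path}, timeout)
```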