[Oisf-users] Suricata unix socket command 'reload-tenant' - no response (Unable to get message from server)

Peter Manev petermanev at gmail.com
Fri May 11 07:50:28 UTC 2018


On Wed, May 9, 2018 at 3:22 PM, A V K NAGESWARA RAO <avknagu at gmail.com> wrote:
> Hello,
>    I am testing "reload-tenant tenant-id tenant.yaml" command through unix
> socket, I could see "signature processed" message in suricata.log. But I am
> not getting any response for "suricatasc -c 'reload-tenant 123
> tenant-123.yaml'" command.
>
> Steps I followed:
> 1. After suricata installation, I enabled multi-detect and start suricata in
> live mode
>
>     multi-detect:
>     enabled: yes
>     selector: vlan
>     loaders: 3
>
>     tenants:
>     - id: 123
>       yaml: tenant-123.yaml
>
>     mappings:
>     - vlan-id: 1000
>       tenant-id: 123
>
>  Command: suricata -i eth0 -c /usr/local/etc/suricata//suricata.yaml -l
> ~/suricatalog
>
> 2. unix socket commands as follows:
> ubuntu:~$ sudo suricatasc -v
> SND: {"version": "0.1"}
> RCV: {"return": "OK"}
> SND: {"command": "command-list"}
> RCV: {"message": {"count": 20, "commands": ["shutdown", "command-list",
> "help", "version", "uptime", "running-mode", "capture-mode", "conf-get",
> "dump-counters", "reload-rules", "register-tenant-handler",
> "unregister-tenant-handler", "register-tenant", "reload-tenant",
> "unregister-tenant", "add-hostbit", "remove-hostbit", "list-hostbit",
> "iface-stat", "iface-list"]}, "return": "OK"}
> Command list: shutdown, command-list, help, version, uptime, running-mode,
> capture-mode, conf-get, dump-counters, reload-rules,
> register-tenant-handler, unregister-tenant-handler, register-tenant,
> reload-tenant, unregister-tenant, add-hostbit, remove-hostbit, list-hostbit,
> iface-stat, iface-list, quit
>>>> reload-rules
> SND: {"command": "reload-rules"}
> RCV: {"message": "done", "return": "OK"}
> Success:
> "done"
>>>> reload-tenant 123 tenant-123.yaml
> SND: {"command": "reload-tenant", "arguments": {"id": 1213, "filename":
> "/opt/ns/ips/tenant/1213/tenant-1213.yaml"}}
> Invalid return from server: Unable to get message from server
>
> 3. Suricata.log :
> 9/5/2018 -- 05:54:10 - <Info> - prefix multi-detect.123.reload.1
> 9/5/2018 -- 05:54:10 - <Info> - Configuration node 'vars' redefined.
> 9/5/2018 -- 05:54:10 - <Info> - Configuration node 'default-rule-path'
> redefined.
> 9/5/2018 -- 05:54:10 - <Info> - Configuration node 'rule-files' redefined.
> 9/5/2018 -- 05:54:10 - <Info> - Configuration node 'classification-file'
> redefined.
> 9/5/2018 -- 05:54:10 - <Info> - Configuration node 'reference-config-file'
> redefined.
> 9/5/2018 -- 05:54:15 - <Info> - 37 rule files processed. 12650 rules
> successfully loaded, 0 rules failed
> 9/5/2018 -- 05:54:15 - <Info> - Threshold config parsed: 0 rule(s) found
> 9/5/2018 -- 05:54:15 - <Info> - 12655 signatures processed. 1170 are IP-only
> rules, 5225 are inspecting packet payload, 7798 inspect application layer, 0
> are decoder event only
>
> Am I missing any options to be enabled in conf?
>
> Appreciate any quick help.
>


Which Suricata version is that?



-- 
Regards,
Peter Manev
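The socket exchange in the quoted trace, as an added example (not code from this thread or from Suricata): a minimal client that speaks the suricatasc JSON protocol and reports a reply that never arrives within its timeout with the same wording the thread shows, driven against a constructed stand-in server that stays silent on reload-tenant. The newline-terminated reply framing and the stand-in's behaviour are assumptions.

```python
import json
import socket
import threading

# Exchange as in the suricatasc -v trace above: {"version": "0.1"} first, then one JSON
# object per command; a reply carries "return" ("OK"/"NOK") and usually a "message".
PROTOCOL_VERSION = "0.1"  # replies assumed newline-terminated (not stated in the thread)

class SuricataSocketError(Exception):
    pass

def send_command(sock, msg, timeout=5.0):
    # One request, one reply; a reply that never arrives is reported in the thread's wording.
    sock.settimeout(timeout)
    sock.sendall(json.dumps(msg).encode())
    data = b""
    while not data.endswith(b"\n"):
        try:
            chunk = sock.recv(4096)
        except socket.timeout:
            raise SuricataSocketError("Unable to get message from server")
        if not chunk:
            raise SuricataSocketError("server closed the connection")
        data += chunk
    reply = json.loads(data.decode())
    if reply.get("return") != "OK":
        raise SuricataSocketError("server answered %r" % (reply,))
    return reply.get("message")

def fake_server(peer, silent_commands):
    # Constructed stand-in for Suricata's unix manager: stays silent on `silent_commands`.
    while raw := peer.recv(4096):
        req = json.loads(raw.decode())
        if req.get("command") in silent_commands:
            continue  # no reply at all, so the client runs into its timeout
        reply = {"return": "OK", "message": "done"} if "command" in req else {"return": "OK"}
        peer.sendall((json.dumps(reply) + "\n").encode())

def demo():
    client, server = socket.socketpair()  # no real Suricata needed
    threading.Thread(target=fake_server, args=(server, {"reload-tenant"}), daemon=True).start()
    out = [send_command(client, {"version": PROTOCOL_VERSION}),
           send_command(client, {"command": "reload-rules"})]
    try:  # same request shape as the SND line in the trace
        out.append(send_command(client, {"command": "reload-tenant", "arguments":
                   {"id": 123, "filename": "tenant-123.yaml"}}, timeout=0.2))
    except SuricataSocketError as err:
        out.append(str(err))
    client.close()
    return out
```

`demo()` returns the handshake result (no message), the `reload-rules` reply `"done"`, and the timeout error for the silent `reload-tenant`.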

