I’m trying to figure out how to manage datasets dynamically while Suricata is running. It looks like there is a dataset-add command that works over a domain socket. The documentation doesn’t list the symmetric dataset-delete command. Is this simply not yet implemented? Without the ability to remove data, it seems difficult to maintain a steady state of currently relevant data (other than performing periodic restarts).
Hi Matthias, welcome.
The remove/delete command is indeed not implemented yet. I’ve just opened a ticket here https://redmine.openinfosecfoundation.org/issues/3635
2 Likes
If you’re willing to try dev code, I’ve done a first attempt here: https://github.com/OISF/suricata/pull/4822
1 Like
Thanks, I’m not yet ready to give it a shot, but great to see I can now start experimenting!
Quick update: Suricata 5.0.3 now has the removal support.
2 Likes
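As an added example (not code from this thread or from the Suricata project), here is a small Python client that builds the dataset-add and dataset-remove messages and sends them over the command socket, so a dataset can be grown and pruned without restarting. It assumes the default socket path /var/run/suricata/suricata-command.socket, the protocol version string "0.2" used by the suricatasc client, the removal command being named dataset-remove (the name Suricata 5.0.3 uses; the opening post's "dataset-delete" is a guess), and the argument names setname, settype and datavalue with string values base64-encoded; check these against your installed version's documentation.

```python
"""Add and remove Suricata dataset entries over the unix command socket."""
import base64
import json
import socket

# Assumed defaults: Suricata's default command socket path and the protocol
# version string sent by the suricatasc client. Adjust for your deployment.
SOCKET_PATH = "/var/run/suricata/suricata-command.socket"
PROTO_VERSION = "0.2"

HEX_DIGITS = set("0123456789abcdef")


def build_command(cmd: str, setname: str, settype: str, value) -> dict:
    """Return the JSON object for a dataset-add or dataset-remove command.

    String-type values are base64 encoded (the form the socket interface
    expects); md5/sha256 values are passed as a lowercase hex digest after a
    length and character check, so a malformed indicator fails here rather
    than silently never matching.
    """
    if cmd not in ("dataset-add", "dataset-remove"):
        raise ValueError(f"unsupported command {cmd!r}")
    if settype == "string":
        raw = value.encode() if isinstance(value, str) else bytes(value)
        datavalue = base64.b64encode(raw).decode("ascii")
    elif settype in ("md5", "sha256"):
        datavalue = value.lower()
        expected = 32 if settype == "md5" else 64
        if len(datavalue) != expected or not set(datavalue) <= HEX_DIGITS:
            raise ValueError(f"{settype} value must be a {expected}-char hex digest")
    else:
        raise ValueError(f"unknown settype {settype!r}")
    return {
        "command": cmd,
        "arguments": {"setname": setname, "settype": settype, "datavalue": datavalue},
    }


def _read_json(sock: socket.socket) -> dict:
    """Read until one complete JSON object has arrived (replies are unframed)."""
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("socket closed before a complete reply")
        buf += chunk
        try:
            return json.loads(buf.decode())
        except ValueError:
            continue  # partial object so far, keep reading


def run_commands(commands, socket_path: str = SOCKET_PATH) -> list:
    """Handshake with the command socket, send each command, collect replies.

    Stops at the first non-OK reply so a batch of adds/removes is not applied
    half-way without the caller noticing.
    """
    replies = []
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
        sock.connect(socket_path)
        sock.sendall(json.dumps({"version": PROTO_VERSION}).encode())
        hello = _read_json(sock)
        if hello.get("return") != "OK":
            raise RuntimeError(f"handshake rejected: {hello}")
        for cmd in commands:
            sock.sendall(json.dumps(cmd).encode())
            reply = _read_json(sock)
            replies.append(reply)
            if reply.get("return") != "OK":
                break
    return replies


if __name__ == "__main__":
    # Constructed sample: add an indicator to a string dataset, then remove it.
    # Requires a running Suricata with the unix socket enabled.
    batch = [
        build_command("dataset-add", "bad-hosts", "string", "evil.example"),
        build_command("dataset-remove", "bad-hosts", "string", "evil.example"),
    ]
    for reply in run_commands(batch):
        print(reply)
```

Each reply carries a "return" field ("OK" or "NOK") and a "message"; the client checks the handshake reply before sending anything and stops on the first failed command, which keeps a scheduled refresh (adds for new indicators, removes for expired ones) from leaving the dataset in an unknown state.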