Files
securityonion/salt
Josh Patterson ee36f5f84c suricata: verify reloaded ruleset is newer than the rules file
Treating an in-progress reload as instant success could report success
while Suricata was still running a stale ruleset (the in-flight reload
may have started before the new all-rulesets.rules was written).

Make success conditional on Suricata actually having loaded the current
ruleset: capture the rules-file mtime up front, trigger a blocking
reload-rules, then query ruleset-reload-time and only succeed when
last_reload >= mtime. An in-progress reload now retries (waits for it to
clear so our own fresh reload runs) instead of short-circuiting, and a
ruleset that never catches up within the retry window fails via fail().

Also drop the redundant ruleset-reload-nonblocking call (the verified
blocking reload is authoritative and the async call was what left a
reload running) and log human-readable timestamps.
2026-07-01 09:00:36 -04:00
..
2026-06-12 11:18:59 -04:00
2026-06-12 11:18:59 -04:00
2026-05-13 17:28:07 -04:00
2026-06-12 11:18:59 -04:00
2026-05-05 14:26:04 -04:00
2026-06-03 09:49:53 -04:00
2026-05-05 14:26:04 -04:00
2026-06-22 13:01:02 -04:00
2026-06-15 12:33:08 -04:00