12.8. systemd notification

12.8.1. Introduction

Suricata supports systemd notification with the aim of notifying the service manager of successful initialisation. The purpose is to enable the ability to start upon/await successful start-up for services/test frameworks that depend on a fully initialised Suricata .

During the initialisation phase Suricata synchronises the initialisation thread with all active threads to ensure they are in a running state. Once synchronisation has been completed a READY=1 status notification is sent to the service manager using across the Systemd UNIX socket.

The path of the UNIX socket is taken from the NOTIFY_SOCKET env var.

12.8.2. Example

A test framework requires Suricata to be capturing before the tests can be carried out. Writing a test.service and ensuring the correct execution order with After=suricata.service forces the unit to be started after suricata.service. This does not enforce Suricata has fully initialised. By configuring suricata.service as Type=notify instructs the service manager to wait for the notification before starting test.service.

12.8.3. Requirements

This feature is only supported for distributions under the following conditions:

1. Any distribution that runs under systemd

2. Unit file configuration: Type=notify

For notification to the service manager the unit file must be configured as shown in requirement [2]. Upon all requirements being met the service manager will start and await READY=1 status from Suricata. Otherwise the service manager will treat the service unit as Type=simple and consider it started immediately after the main process ExecStart= has been forked.

12.8.4. Additional Information

To confirm the system is running under systemd:

ps --no-headers -o comm 1

See https://www.freedesktop.org/software/systemd/man/systemd.service.html for help writing systemd unit files.

See https://www.freedesktop.org/software/systemd/man/devel/sd_notify.html#Notes for a discussion of the UNIX socket based notification.