doc/userguide/configuration/systemd-notify.rst
Suricata supports systemd notification with the aim of notifying the service manager of successful initialisation. The purpose is to enable the ability to start upon/await successful start-up for services/test frameworks that depend on a fully initialised Suricata .
During the initialisation phase Suricata synchronises the initialisation thread with all active
threads to ensure they are in a running state. Once synchronisation has been completed a READY=1
status notification is sent to the service manager using across the Systemd UNIX socket.
The path of the UNIX socket is taken from the NOTIFY_SOCKET env var.
A test framework requires Suricata to be capturing before the tests can be carried out.
Writing a test.service and ensuring the correct execution order with After=suricata.service
forces the unit to be started after suricata.service. This does not enforce Suricata has fully
initialised. By configuring suricata.service as Type=notify instructs the service manager
to wait for the notification before starting test.service.
This feature is only supported for distributions under the following conditions:
Type=notifyFor notification to the service manager the unit file must be configured as shown in requirement [2].
Upon all requirements being met the service manager will start and await
READY=1 status from Suricata. Otherwise the service manager will treat the service unit as
Type=simple and consider it started immediately after the main process ExecStart= has been
forked.
To confirm the system is running under systemd::
ps --no-headers -o comm 1
See https://www.freedesktop.org/software/systemd/man/systemd.service.html for help writing systemd unit files.
See https://www.freedesktop.org/software/systemd/man/devel/sd_notify.html#Notes for a discussion of the UNIX socket based notification.