suricatasc: allow for tenant id in pcap-file

Allow for an optional 'tenant id' argument to pcap-file. This will
allow us to force the pcap to be inspected by this tenant.

If ommited it's 0, which means it's disabled.

diff --git a/scripts/suricatasc/src/suricatasc.py b/scripts/suricatasc/src/suricatasc.py
index 3ab97b99cc638de7884f7e05821598e742006a9c..9507b6ba5f97b9c94ea63ad8d3b7c9cb87588f9d 100644 (file)
--- a/scripts/suricatasc/src/suricatasc.py
+++ b/scripts/suricatasc/src/suricatasc.py
@@ -177,15 +177,21 @@ class SuricataSC:
         if command.split(' ', 2)[0] in self.cmd_list:
             if "pcap-file " in command:
                 try:
-                    [cmd, filename, output] = command.split(' ', 2)
+                    parts = command.split(' ');
                 except:
                     raise SuricataCommandException("Arguments to command '%s' is missing" % (command))
+                cmd, filename, output = parts[0], parts[1], parts[2]
+                tenant = None
+                if len(parts) > 3:
+                    tenant = parts[3]
                 if cmd != "pcap-file":
                     raise SuricataCommandException("Invalid command '%s'" % (command))
                 else:
                     arguments = {}
                     arguments["filename"] = filename
                     arguments["output-dir"] = output
+                    if tenant != None:
+                        arguments["tenant"] = int(tenant)
             elif "iface-stat" in command:
                 try:
                     [cmd, iface] = command.split(' ', 1)