fix(ids): close stream when no longer used

README.md

@@ -202,7 +202,6 @@ rule-files:
 
 This ruleset includes online domains only. It enables Suricata to detect malicious HTTPS-enabled domains by inspecting the SNI in the [unencrypted ClientHello](https://en.wikipedia.org/wiki/Server_Name_Indication#Security_implications) message. There is increasing support for encrypted Client Hello which defeats SNI inspection.
 
-
 ## Splunk
 
 A CSV file for Splunk [lookup](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Aboutlookupsandfieldactions).

src/ids.js

@@ -39,6 +39,8 @@ for await (const domain of domains.readLines()) {
   sid++
 }
 
+suricataSni.close()
+
 for await (const line of urls.readLines()) {
   if (!URL.canParse(`http://${line}`)) {
     console.error(`Invalid URL: ${line}`)
@@ -61,5 +63,4 @@ for await (const line of urls.readLines()) {
 snort2.close()
 snort3.close()
 suricata.close()
-suricataSni.close()
 splunk.close()