Bug #2428: suricata.log file permission error message when using suricata -l <dir> -r x.pcap as unprivilegded user - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #2428

closed

suricata.log file permission error message when using suricata -l <dir> -r x.pcap as unprivilegded user

Added by Richard Sailer almost 7 years ago. Updated over 5 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Victor Julien

Target version:

5.0beta1

Affected Versions:

Effort:

Difficulty:

Label:

Description

When starting suricata as an unprivileged user in offline pcap mode with a extra logdir, like e.g.:

suricata -l new_logdir -r x.pcap

it issues the following warning:

Error opening file /usr/local/var/log/suricata/suricata.log

Because for engine logs it still uses the default logdir and has no write permissions there.
It then uses the terminal for engine logs which is fine and sensible, I think.

But for new users using suricata in -r mode for the first time this error message might be confusing and rattling.

I currently see three solution concepts:

With -l, also put suricata.log in the new_logdir
With -r, write to the terminal by default
With -r, still try to write to suricata.log first, but surpress the warning if it doesn't work

Thoughts? Opinions?

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #2428

suricata.log file permission error message when using suricata -l <dir> -r x.pcap as unprivilegded user

Updated by Richard Sailer almost 7 years ago

Updated by Andreas Herz almost 7 years ago

Updated by Victor Julien over 6 years ago

Updated by Andreas Herz over 5 years ago

Updated by Andreas Herz over 5 years ago

Updated by Victor Julien over 5 years ago