Bug #3095

open

default log dir not always honored - git master

Added by Peter Manev over 5 years ago. Updated over 5 years ago.

Status: New
Priority: Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

I just noticed something unusual on different OSes too.

If Suricata is run with "--engine-analysis" or "-r pcap.pcap -k none" and no log path is specified, it will not produce any logs. If the log path is explicitly specified on the command line, it will produce the logs:

root@d36a085bc4dd:/opt/QA/suricata# suricata --dump-config |grep default-log-dir
default-log-dir = /var/log/suricata/

root@d36a085bc4dd:/opt/QA/suricata# suricata --engine-analysis
[16998] 22/7/2019 -- 05:30:40 - (suricata.c:1071) <Notice> (LogVersion) -- This is Suricata version 5.0.0-dev (06d3e1d3d 2019-07-19) running in USER mode
root@d36a085bc4dd:/opt/QA/suricata#
root@d36a085bc4dd:/opt/QA/suricata#

root@d36a085bc4dd:/opt/QA/suricata# ls -lh /var/log/suricata/
total 8.0K
drwxr-xr-x 2 root root 4.0K Jul 22 05:28 certs
drwxr-xr-x 2 root root 4.0K Jul 22 05:28 files
root@d36a085bc4dd:/opt/QA/suricata# suricata --engine-analysis -l /var/log/suricata/
[17001] 22/7/2019 -- 05:31:33 - (suricata.c:1071) <Notice> (LogVersion) -- This is Suricata version 5.0.0-dev (06d3e1d3d 2019-07-19) running in USER mode
root@d36a085bc4dd:/opt/QA/suricata# ls -lh /var/log/suricata/
total 44M
drwxr-xr-x 2 root root 4.0K Jul 22 05:28 certs
-rw-r--r-- 1 root root    0 Jul 22 05:31 eve.json
-rw-r--r-- 1 root root    0 Jul 22 05:31 fast.log
drwxr-xr-x 2 root root 4.0K Jul 22 05:28 files
-rw-r--r-- 1 root root  52K Jul 22 05:31 flowbits.json
-rw-r--r-- 1 root root  706 Jul 22 05:32 keyword_perf.log
-rw-r--r-- 1 root root  642 Jul 22 05:32 prefilter_perf.log
-rw-r--r-- 1 root root  716 Jul 22 05:32 rule_group_perf.log
-rw-r--r-- 1 root root  581 Jul 22 05:32 rule_perf.log
-rw-r--r-- 1 root root  20M Jul 22 05:32 rules.json
-rw-r--r-- 1 root root  13M Jul 22 05:32 rules_analysis.txt
-rw-r--r-- 1 root root  12M Jul 22 05:32 rules_fast_pattern.txt
-rw-r--r-- 1 root root    0 Jul 22 05:31 stats.log
-rw-r--r-- 1 root root 3.2K Jul 22 05:31 suricata.log
root@d36a085bc4dd:/opt/QA/suricata#
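
Added example, not part of the original report and not Suricata's own code: a shell check for the symptom above, which reads the `default-log-dir` line from `suricata --dump-config` output and reports which expected output files were not written after a run started. The helper names `default_log_dir` and `check_logdir` are hypothetical, and the list of expected files is chosen by the caller.

```shell
#!/bin/sh
# Added example. Helper names are hypothetical, not part of Suricata.

# Read `suricata --dump-config` output on stdin and print the value of
# default-log-dir (format as shown in the report: "default-log-dir = /path/").
default_log_dir() {
    sed -n 's/^default-log-dir = //p' | head -n 1
}

# check_logdir MARKER FILE...
#   stdin  : `suricata --dump-config` output
#   MARKER : a file created just before the Suricata run
#   FILE...: output files the run is expected to write (caller's choice)
# Prints "MISSING <file>" when a file is absent and "STALE <file>" when it
# exists but was not modified after MARKER.
# Returns 0 if every file is fresh, 1 otherwise, 2 if the key is not found.
check_logdir() {
    _marker=$1; shift
    _dir=$(default_log_dir)
    [ -n "$_dir" ] || { echo "NO_DEFAULT_LOG_DIR"; return 2; }
    _dir=${_dir%/}            # the dumped value may end in a slash
    _rc=0
    for _f in "$@"; do
        if [ ! -e "$_dir/$_f" ]; then
            echo "MISSING $_f"; _rc=1
        elif [ -z "$(find "$_dir/$_f" -newer "$_marker")" ]; then
            echo "STALE $_f"; _rc=1
        fi
    done
    return $_rc
}

# Usage on a real install (only flags that appear in the report):
#   marker=$(mktemp)
#   suricata --engine-analysis
#   suricata --dump-config | check_logdir "$marker" suricata.log rules_analysis.txt
```

A non-zero result after a run without `-l` is the behaviour reported here; comparing against a marker file also catches the case where old files from an earlier run are still present in the directory.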


Related issues 1 (0 open, 1 closed)

Has duplicate Suricata - Bug #3101: Suricata not using 'default-log-dir' in YAML (Closed)