Bug #3101
Suricata not using 'default-log-dir' in YAML
Status: Closed
Priority: Normal
Assignee: -
Target version: -
Description
Suricata latest run without -l doesn't log to the directory set in the YAML:
dolemite@researchvm:~/testids/test$ grep 'default-log-dir:' /etc/suricata/suricata.5.git.yaml
default-log-dir: /tmp
dolemite@researchvm:~/testids/test$ ls -alh
total 12K
drwxr-xr-x 2 dolemite dolemite 4.0K Jul 30 12:22 .
drwxr-xr-x 6 dolemite dolemite 4.0K Jul 30 10:24 ..
-rw-r--r-- 1 dolemite dolemite 4.0K Jul 30 12:02 anon.pcap
dolemite@researchvm:~/testids/test$ ~/testids/src/suricata/suricata-git/src/suricata -c /etc/suricata/suricata.5.git.yaml -S /var/lib/suricata/rules/custom.rules -r anon.pcap
[27542] 30/7/2019 -- 12:27:01 - (suricata.c:1071) <Notice> (LogVersion) -- This is Suricata version 5.0.0-dev (3a912446a 2019-07-22) running in USER mode
[27542] 30/7/2019 -- 12:27:01 - (tm-threads.c:2145) <Notice> (TmThreadWaitOnThreadInit) -- all 5 packet processing threads, 4 management threads initialized, engine started.
[27542] 30/7/2019 -- 12:27:02 - (suricata.c:2851) <Notice> (SuricataMainLoop) -- Signal Received. Stopping engine.
[27556] 30/7/2019 -- 12:27:02 - (source-pcap-file.c:378) <Notice> (ReceivePcapFileThreadExitStats) -- Pcap-file module read 1 files, 44 packets, 3325 bytes
dolemite@researchvm:~/testids/test$ ls -alh
total 68K
drwxr-xr-x 2 dolemite dolemite 4.0K Jul 30 12:27 .
drwxr-xr-x 6 dolemite dolemite 4.0K Jul 30 10:24 ..
-rw-r--r-- 1 dolemite dolemite 4.0K Jul 30 12:02 anon.pcap
-rw-rw-r-- 1 dolemite dolemite 155 Jul 30 12:27 flowbits.json
-rw-rw-r-- 1 dolemite dolemite 4.3K Jul 30 12:27 keyword_perf.log
-rw-rw-r-- 1 dolemite dolemite 8.6K Jul 30 12:27 local.eve.json
-rw-rw-r-- 1 dolemite dolemite 978 Jul 30 12:27 local.fast.log
-rw-rw-r-- 1 dolemite dolemite 4.1K Jul 30 12:27 packet_stats.log
-rw-rw-r-- 1 dolemite dolemite 840 Jul 30 12:27 prefilter_perf.log
-rw-rw-r-- 1 dolemite dolemite 976 Jul 30 12:27 rule_group_perf.log
-rw-rw-r-- 1 dolemite dolemite 3.1K Jul 30 12:27 rule_perf.log
-rw-rw-r-- 1 dolemite dolemite 2.1K Jul 30 12:27 stats.log
-rw-rw-r-- 1 dolemite dolemite 600 Jul 30 12:27 suricata.log