Bug #4523: Application log cannot to be re-opened when running as non-root user - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #4523

closed

Application log cannot to be re-opened when running as non-root user

Added by Jason Ish over 3 years ago. Updated almost 3 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Jason Ish

Target version:

7.0.0-beta1

Affected Versions:

6.0.2

Effort:

Difficulty:

Label:

Needs backport to 5.0, Needs backport to 6.0

Description

Suricata by default creates an application log at /var/log/suricata/suricata.log. This log file is created before changing uid and remains owned by root. After log rotation and a subsequent command to "reopen-log-files", this file is closed, but never re-opened as it can't be opened for modification by the non-root user that Suricata is now being run as.

This does not affect Suricata event logging as those files are opened after the uid is changed.

I think the only way to handle this is to change ownership of the file before the uid change so it can be re-opened.

Related issues 2 (0 open — 2 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #4523

Application log cannot to be re-opened when running as non-root user

Updated by Jason Ish almost 3 years ago

Updated by Jason Ish almost 3 years ago

Updated by Jason Ish almost 3 years ago

Updated by Jeff Lucovsky over 2 years ago

Updated by Jeff Lucovsky over 2 years ago