Suricata

When running Suricata without rules/disable detection (aka NSM mode only) we still initialize the legacy fast.log

suricata  -l logs/ -k none -T -vv --disable-detection
Notice: suricata: This is Suricata version 8.0.0-dev (1dcf69b21 2024-01-08) running in SYSTEM mode [LogVersion:suricata.c:1146]
Info: cpu: CPUs/cores online: 16 [UtilCpuPrintSummary:util-cpu.c:182]
Info: suricata: Running suricata under test mode [SuricataMain:suricata.c:2942]
Info: suricata: Setting engine mode to IDS mode by default [PostConfLoadedSetup:suricata.c:2683]
Info: exception-policy: master exception-policy set to: auto [ExceptionPolicyMasterParse:util-exception-policy.c:200]
Info: logopenfile: fast output device (regular) initialized: fast.log [SCConfLogOpenGeneric:util-logopenfile.c:616]
Info: logopenfile: eve-log output device (regular) initialized: eve.json [SCConfLogOpenGeneric:util-logopenfile.c:616]
Info: logopenfile: stats output device (regular) initialized: stats.log [SCConfLogOpenGeneric:util-logopenfile.c:616]
Notice: suricata: Configuration provided was successfully loaded. Exiting. [SuricataMain:suricata.c:2969]
Perf: host: host memory usage: 390144 bytes, maximum: 33554432 [HostPrintStats:host.c:297]

One possible way to deal with it is to disable the legacy output in general in 8.