Bug #2386

closed

check if default log dir is writable at start up

Added by Victor Julien over 6 years ago. Updated over 4 years ago.

Status: Closed
Priority: Normal

Description

If the log dir doesn't exist, we refuse to start up:

suricata -c suricata.yaml -l noexist
[94239] 20/12/2017 -- 16:10:02 - (suricata.c:1957) <Error> (ParseCommandLine) -- [ERRCODE: SC_ERR_LOGDIR_CMDLINE(117)] - The logging directory "noexist" supplied at the commandline (-l noexist) doesn't exist. Shutting down the engine.

But if it's not writable, the error comes much later. E.g.:

suricata -c suricata.yaml -l /var/log/ -T --disable-detection
[94280] 20/12/2017 -- 16:10:34 - (suricata.c:1886) <Info> (ParseCommandLine) -- Running suricata under test mode
[94280] 20/12/2017 -- 16:10:34 - (suricata.c:1761) <Info> (ParseCommandLine) -- detection engine disabled
Error opening file /var/log/suricata/suricata.log
[94280] 20/12/2017 -- 16:10:34 - (suricata.c:1112) <Notice> (LogVersion) -- This is Suricata version 4.1.0-dev (rev 223d9a1)
[94280] 20/12/2017 -- 16:10:34 - (util-logopenfile.c:318) <Error> (SCLogOpenFileFp) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/var/log//fast.log": Permission denied
[94280] 20/12/2017 -- 16:10:34 - (runmodes.c:776) <Error> (RunModeInitializeOutputs) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - output module setup failed

I think it would be good to extend the first check to include basic permission testing.
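
One way to do the permission test proposed above, as an added example that is not Suricata's code (`check_log_dir` and the `logdir_status` values are hypothetical names). It probes the directory by creating and removing a temporary file, so the result reflects the effective UID, read-only mounts and ACLs rather than only the mode bits:

```c
#define _POSIX_C_SOURCE 200809L /* for mkstemp() */
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical status codes for this example. */
typedef enum { LOGDIR_OK = 0, LOGDIR_MISSING, LOGDIR_NOT_DIR,
               LOGDIR_NOT_WRITABLE, /* cannot create a file inside it */
               LOGDIR_ERROR } logdir_status;

/* Probe by creating and removing a temp file: unlike access(2), which tests
 * the real UID, this exercises the same path a later fopen() would take. */
logdir_status check_log_dir(const char *dir)
{
    struct stat st;
    char probe[PATH_MAX];
    int fd, n;

    if (stat(dir, &st) != 0)
        return (errno == ENOENT || errno == ENOTDIR) ? LOGDIR_MISSING : LOGDIR_ERROR;
    if (!S_ISDIR(st.st_mode)) { errno = ENOTDIR; return LOGDIR_NOT_DIR; }
    n = snprintf(probe, sizeof(probe), "%s/.logdir-probe-XXXXXX", dir);
    if (n < 0 || (size_t)n >= sizeof(probe)) {
        errno = ENAMETOOLONG;
        return LOGDIR_ERROR;
    }
    fd = mkstemp(probe); /* exclusive create, mode 0600 */
    if (fd < 0)
        return (errno == EACCES || errno == EROFS || errno == EPERM)
                   ? LOGDIR_NOT_WRITABLE : LOGDIR_ERROR;
    close(fd);
    unlink(probe);
    return LOGDIR_OK;
}

int main(int argc, char **argv)
{
    const char *dir = argc > 1 ? argv[1] : ".";
    logdir_status s = check_log_dir(dir);
    if (s != LOGDIR_OK)
        fprintf(stderr, "log dir \"%s\" unusable (status %d): %s\n", dir, (int)s, strerror(errno));
    return s == LOGDIR_OK ? 0 : 1;
}
```

The probe is only meaningful when it runs under the identity that will later open the log files; a check made before privileges are dropped can pass while the later open still fails.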


Related issues 2 (2 open, 0 closed)

Related to Suricata - Bug #2337: give warning if permissions won't allow log reopen after dropping privs (Assigned, OISF Dev)
Related to Suricata - Optimization #1595: Suricata starts in known conditions of no data (New, OISF Dev)