suricata.log ownership not being set to run-as user/group
we are running Suricata 5.0 and have the following in our suricata.yaml:
outputs: - console: enabled: yes - file: enabled: yes level: info filename: suricata.log - syslog: enabled: no facility: local5 format:
We have the run-as user and group options configured as well.
We are seeing where the suricata.log file is staying owned as root.root instead of being set as the user/group we have set in run-as. All other log outputs are being assigned proper user/group.
Build info attached, let me know if there is additional information needed.