Actions
Bug #4523
closedApplication log cannot to be re-opened when running as non-root user
Affected Versions:
Effort:
Difficulty:
Label:
Needs backport to 5.0, Needs backport to 6.0
Description
Suricata by default creates an application log at /var/log/suricata/suricata.log. This log file is created before changing uid and remains owned by root. After log rotation and a subsequent command to "reopen-log-files", this file is closed, but never re-opened as it can't be opened for modification by the non-root user that Suricata is now being run as.
This does not affect Suricata event logging as those files are opened after the uid is changed.
I think the only way to handle this is to change ownership of the file before the uid change so it can be re-opened.
Updated by Jason Ish almost 3 years ago
- Status changed from New to In Progress
- Label Needs backport to 5.0, Needs backport to 6.0 added
Updated by Jason Ish almost 3 years ago
- Status changed from In Progress to In Review
Updated by Jeff Lucovsky almost 3 years ago
- Copied to Bug #5102: Application log cannot to be re-opened when running as non-root user added
Updated by Jeff Lucovsky almost 3 years ago
- Copied to Bug #5103: Application log cannot to be re-opened when running as non-root user added
Actions