Bug #8115
Updated by Abhijeet Singh 4 days ago
Log rotation checks ("code link":https://github.com/OISF/suricata/blob/main/src/util-logopenfile.c#L219) only happen when there are active log "writes" happening in the system. In cases of zero traffic, they may not get triggered, because of which downstream processes waiting on the log file close event miss out on time-critical logs.
There is a related bug ("code link":https://github.com/OISF/suricata/blob/main/src/util-logopenfile.c#L222-L228) that reopens the file twice if both the rotation flag is set and the rotation time interval has passed. This creates erroneous notifications for downstream processes that use `inotify`-style directory monitoring for file close events on the log files.
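
A simplified model of the two behaviours described in this ticket, added here as an illustration; it is not Suricata's code and not the reporter's. The struct, the function names, the `idle_tick` caller and the sample values are all assumptions. It contrasts two independent rotation checks (two reopens when both conditions hold) with a single combined check that can also be driven without a write.

```c
#include <stdbool.h>
#include <stdio.h>
#include <time.h>

/* Simplified model; struct and function names are hypothetical, not Suricata's. */
struct log_ctx {
    bool   rotation_flag;   /* set externally to request a rotation */
    time_t rotate_time;     /* next interval-based rotation deadline */
    time_t rotate_interval; /* seconds between interval rotations */
    int    reopen_count;    /* each reopen is one close event for a watcher */
};

void reopen(struct log_ctx *c) { c->reopen_count++; }

/* Pattern from the ticket: two independent checks, each one reopening. */
void check_rotation_separate(struct log_ctx *c, time_t now)
{
    if (c->rotation_flag) {
        c->rotation_flag = false;
        reopen(c);
    }
    if (now >= c->rotate_time) {
        reopen(c);
        c->rotate_time = now + c->rotate_interval;
    }
}

/* Combined check: consume both conditions, reopen at most once. */
bool check_rotation_once(struct log_ctx *c, time_t now)
{
    bool due = c->rotation_flag;
    c->rotation_flag = false;
    if (now >= c->rotate_time) {
        due = true;
        c->rotate_time = now + c->rotate_interval;
    }
    if (due)
        reopen(c);
    return due;
}

/* Assumed periodic caller, so rotation does not depend on a write arriving. */
bool idle_tick(struct log_ctx *c, time_t now) { return check_rotation_once(c, now); }

int main(void)
{
    struct log_ctx a = { true, 100, 60, 0 }, b = a; /* constructed values */
    check_rotation_separate(&a, 100);
    idle_tick(&b, 100);
    printf("separate=%d combined=%d\n", a.reopen_count, b.reopen_count);
    return 0;
}
```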