[Oisf-users] minor nit with suricata
Russell Fulton
r.fulton at auckland.ac.nz
Wed Aug 12 21:46:37 UTC 2015
I may have reported this before — it has been niggling me for quite some time.
If you drop privs with suri then you get this error:
suricata: '13/8/2015 -- 06:28:02 - <Error> - [ERRCODE: SC_ERR_FOPEN(44)] - Failed to reopen file "/home/sensors/data/dmzi/stats.log".Stats logging will now be disabled. ‘
When you reload rules (or is it when suri tries to rollover the stats file).
I am guessing that the problem is that the file is created before suri drops privs (it is owned by root) and when suri tries to reopen it later if fails,
Russell
More information about the Oisf-users
mailing list