[Oisf-users] minor nit with suricata
Peter Manev
petermanev at gmail.com
Sat Aug 15 18:39:03 UTC 2015
Hi Russell,
I can not reproduce that. (I tried eta3/4 and latest git )
What Suricata ver are you using?
Thanks
On Wed, Aug 12, 2015 at 11:46 PM, Russell Fulton
<r.fulton at auckland.ac.nz> wrote:
> I may have reported this before — it has been niggling me for quite some time.
>
> If you drop privs with suri then you get this error:
>
> suricata: '13/8/2015 -- 06:28:02 - <Error> - [ERRCODE: SC_ERR_FOPEN(44)] - Failed to reopen file "/home/sensors/data/dmzi/stats.log".Stats logging will now be disabled. ‘
>
> When you reload rules (or is it when suri tries to rollover the stats file).
>
> I am guessing that the problem is that the file is created before suri drops privs (it is owned by root) and when suri tries to reopen it later if fails,
>
> Russell
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 4 & 5 in Barcelona: http://oisfevents.net
--
Regards,
Peter Manev
More information about the Oisf-users
mailing list