Hi Arturo,

sorry for the late reply, I was a bit busy with other things...

>> BTW I have just finished a patch to Suricata that unifies this behaviour
>> across event/alert and log output. I'll attach it in a comment to your
>> bug #1938 in upstream's Redmine once it's tested and polished.
> 
> I would like to see/test the patch before sending upstream.

Please find the patch attached to this email. Looking forward to any
comments you may have.

BTW, I noticed that suricata 3.1.2-3 built from git seems to be missing
/usr/bin/suricata in the 'suricata' binary package, at least for me:

$ git checkout -f master
Already on 'master'
Your branch is up-to-date with 'origin/master'.
$ git log -n1 | head -n1
commit da1c3c6dab21f423ff896ffe7e0adb9d87291589
$ head -n 1 debian/changelog
suricata (3.1.2-3) unstable; urgency=medium
$ gbp buildpackage -uc -us --git-pristine-tar --git-pbuilder
--git-ignore-new --git-ignore-branch
...

$ git checkout -f debian/3.1.2-2
Note: checking out 'debian/3.1.2-2'.
...
$ head -n 1 debian/changelog
suricata (3.1.2-2) unstable; urgency=medium
$ gbp buildpackage -uc -us --git-pristine-tar --git-pbuilder
--git-ignore-new --git-ignore-branch
...

$ dpkg -c ../suricata_3.1.2-2_amd64.deb | awk '{print $6}' > 1
$ dpkg -c ../suricata_3.1.2-3_amd64.deb | awk '{print $6}' > 2
$ diff 1 2
30d29
< ./usr/bin/suricata
39,40d37
< ./usr/lib/x86_64-linux-gnu/
< ./usr/lib/x86_64-linux-gnu/libhtp-0.5.22.so.1.0.0
56d52
< ./usr/lib/x86_64-linux-gnu/libhtp-0.5.22.so.1

In addition to the libhtp files (which is expected, as libhtp was split
into a separate package), /usr/bin/suricata also seems to be missing. Did
you build differently?

Cheers
Sascha
diff --git a/src/util-debug.c b/src/util-debug.c
index 5e85e77..701cc9a 100644
--- a/src/util-debug.c
+++ b/src/util-debug.c
@@ -30,6 +30,8 @@
 #include "util-enum.h"
 #include "util-debug-filters.h"
 
+#include "output.h"
+
 #include "decode.h"
 #include "detect.h"
 #include "packet-queue.h"
@@ -569,6 +571,13 @@ SCError SCLogMessage(const SCLogLevel log_level, const char *file,
                                           log_level, file, line, function,
                                           error_code, message) == 0)
                 {
+                    if (op_iface_ctx->rotation_flag) {
+                        fclose(op_iface_ctx->file_d);
+                        assert(op_iface_ctx->file);
+                        op_iface_ctx->file_d = fopen(op_iface_ctx->file, "w+");
+                        assert(op_iface_ctx->file_d);
+                        op_iface_ctx->rotation_flag = 0;
+                    }
                     SCLogPrintToStream(op_iface_ctx->file_d, buffer);
                 }
                 break;
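Review bot: The reopen added at L71-77 has `assert()` as its only error handling, so a failed `fopen()` (directory no longer writable after rotation, or any `NDEBUG` build where the asserts vanish) leaves `file_d` NULL and the unchanged `SCLogPrintToStream(op_iface_ctx->file_d, buffer)` on the next line writes through a null stream; likewise `fclose()` on a `file_d` that is already NULL is undefined behaviour. Log output silently stopping after a rotation is exactly the failure a defender wants surfaced, so the reopen failure should be reported once and the message skipped, with the flag cleared first so the attempt is not repeated on every message. Whether `assert.h`, `errno.h` and `string.h` are already included by this file, and whether `rotation_flag` is set from a signal handler or another thread while this check runs, is not visible here; if it is asynchronous the field should be `volatile sig_atomic_t` or an atomic rather than a plain `int`. `"w+"` also truncates and opens for reading, which the logger never uses; the mode used by the initial open in SCLogInitFileOPIface is outside the hunk and the reopen should match it. SCLogMessage begins and ends outside the hunk.
```c
                    if (op_iface_ctx->rotation_flag) {
                        /* Clear first so a failed reopen is reported once,
                         * not on every subsequent message. */
                        op_iface_ctx->rotation_flag = 0;
                        if (op_iface_ctx->file_d != NULL) {
                            fclose(op_iface_ctx->file_d);
                        }
                        op_iface_ctx->file_d = fopen(op_iface_ctx->file, "w+");
                        if (op_iface_ctx->file_d == NULL) {
                            fprintf(stderr, "failed to reopen log file %s: %s\n",
                                    op_iface_ctx->file, strerror(errno));
                        }
                    }
                    if (op_iface_ctx->file_d != NULL) {
                        SCLogPrintToStream(op_iface_ctx->file_d, buffer);
                    }
```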
@@ -703,6 +712,7 @@ static inline SCLogOPIfaceCtx *SCLogInitFileOPIface(const char *file,
     }
 
     iface_ctx->log_level = log_level;
+    OutputRegisterFileRotationFlag(&iface_ctx->rotation_flag);
 
     return iface_ctx;
 
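Review bot: `iface_ctx->rotation_flag` is registered at L85 without being explicitly initialised, and whether the allocation earlier in SCLogInitFileOPIface zeroes the struct is outside the hunk; a stale non-zero value would trigger a close/reopen on the very first logged message. Set it explicitly before handing out its address: `iface_ctx->rotation_flag = 0;` immediately before the `OutputRegisterFileRotationFlag(&iface_ctx->rotation_flag);` call. If OutputRegisterFileRotationFlag can fail (its signature is not on this page), its result should be checked as well, since an unregistered flag means the logger keeps writing to the rotated-away file and no log line ever reaches the new one. The function continues outside the hunk.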
@@ -853,6 +863,10 @@ static inline void SCLogFreeLogOPIfaceCtx(SCLogOPIfaceCtx *iface_ctx)
             closelog();
         }
 
+        if (iface_ctx->iface == SC_LOG_OP_IFACE_FILE) {
+            OutputUnregisterFileRotationFlag(&iface_ctx->rotation_flag);
+        }
+
         iface_ctx = iface_ctx->next;
 
         SCFree(temp);
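Review bot: The unregistration at L93-95 is a new standalone `if` placed after the syslog `closelog()` branch, separated from whatever closes `file_d` for SC_LOG_OP_IFACE_FILE (that code is outside the hunk). Doing the unregister inside the existing FILE branch, before the stream is closed, keeps the ordering obvious: once the flag address is withdrawn no rotation notification can write into a context being torn down, and no reopen in SCLogMessage can race with the fclose. The `iface == SC_LOG_OP_IFACE_FILE` test does match the registration, which SCLogInitFileOPIface performs only for file interfaces. SCLogFreeLogOPIfaceCtx begins and ends outside the hunk.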
diff --git a/src/util-debug.h b/src/util-debug.h
index 48d9eee..137676a 100644
--- a/src/util-debug.h
+++ b/src/util-debug.h
@@ -137,6 +137,9 @@ typedef struct SCLogOPIfaceCtx_ {
     const char *log_format;
 
     struct SCLogOPIfaceCtx_ *next;
+
+    /* Flag set when file rotation notification is received. */
+    int rotation_flag;
 } SCLogOPIfaceCtx;
 
 /**
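Review bot: The comment on the new field at L109 says when it is set but not by whom or who clears it, which is what a maintainer touching the logger needs to know. Suggest `/* Set to non-zero by the output rotation notifier registered via OutputRegisterFileRotationFlag(); SCLogMessage reopens the file and clears it. */`. If the notifier runs in a signal handler or another thread (not visible on this page), the field should be `volatile sig_atomic_t` rather than `int`, with the registration API taking that type. The struct definition starts outside the hunk.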
