From 3205a8789b418dc601e85bc90b92d0091834fd7c Mon Sep 17 00:00:00 2001
From: Eric Leblond <eric@regit.org>
Date: Mon, 27 Nov 2017 11:23:24 +0100
Subject: [PATCH] unix-socket: add logs reopen command

We did had a race condition with running logrotate with multiple
EVE Json files. Consequence was one of the file not being reopen
by suricata that did continue to write to the rotated one.

Trying fix on signal handler did fail so this patch implements
log rotation support by adding a dedicated command to unix socket
to reopen the log files.
---
 src/unix-manager.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/unix-manager.c b/src/unix-manager.c
index 29f3e9f183..0fae98a879 100644
--- a/src/unix-manager.c
+++ b/src/unix-manager.c
@@ -44,6 +44,7 @@
 
 #include <jansson.h>
 
+#include "output.h"
 #include "output-json.h"
 
 // MSG_NOSIGNAL does not exists on OS X
@@ -839,6 +840,13 @@ static TmEcode UnixManagerListCommand(json_t *cmd,
 }
 
 
+static TmEcode UnixManagerReopenLogFiles(json_t *cmd, json_t *server_msg, void *data)
+{
+    OutputNotifyFileRotation();
+    json_object_set_new(server_msg, "message", json_string("done"));
+    SCReturnInt(TM_ECODE_OK);
+}
+
 #if 0
 TmEcode UnixManagerReloadRules(json_t *cmd,
                                json_t *server_msg, void *data)
@@ -998,6 +1006,7 @@ int UnixManagerInit(void)
     UnixManagerRegisterCommand("add-hostbit", UnixSocketHostbitAdd, &command, UNIX_CMD_TAKE_ARGS);
     UnixManagerRegisterCommand("remove-hostbit", UnixSocketHostbitRemove, &command, UNIX_CMD_TAKE_ARGS);
     UnixManagerRegisterCommand("list-hostbit", UnixSocketHostbitList, &command, UNIX_CMD_TAKE_ARGS);
+    UnixManagerRegisterCommand("reopen-log-files", UnixManagerReopenLogFiles, NULL, 0);
 
     return 0;
 }