aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

unix-socket: add logs reopen command

Browse Source 
We did had a race condition with running logrotate with multiple
EVE Json files. Consequence was one of the file not being reopen
by suricata that did continue to write to the rotated one.

Trying fix on signal handler did fail so this patch implements
log rotation support by adding a dedicated command to unix socket
to reopen the log files.
pull/3104/head
Eric Leblond 7 years ago committed by Victor Julien
parent cf8d770caa
commit 3205a8789b
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File

9
src/unix-manager.c
Unescape Escape View File

@ -44,6 +44,7 @@
#include <jansson.h>
#include "output.h"
#include "output-json.h"
// MSG_NOSIGNAL does not exists on OS X
@ -839,6 +840,13 @@ static TmEcode UnixManagerListCommand(json_t *cmd,
}
static TmEcode UnixManagerReopenLogFiles(json_t *cmd, json_t *server_msg, void *data)
{
OutputNotifyFileRotation();
json_object_set_new(server_msg, "message", json_string("done"));
SCReturnInt(TM_ECODE_OK);
}
#if 0
TmEcode UnixManagerReloadRules(json_t *cmd,
json_t *server_msg, void *data)
@ -998,6 +1006,7 @@ int UnixManagerInit(void)
UnixManagerRegisterCommand("add-hostbit", UnixSocketHostbitAdd, &command, UNIX_CMD_TAKE_ARGS);
UnixManagerRegisterCommand("remove-hostbit", UnixSocketHostbitRemove, &command, UNIX_CMD_TAKE_ARGS);
UnixManagerRegisterCommand("list-hostbit", UnixSocketHostbitList, &command, UNIX_CMD_TAKE_ARGS);
UnixManagerRegisterCommand("reopen-log-files", UnixManagerReopenLogFiles, NULL, 0);
return 0;
}

Write Preview
Loading…
Cancel
Save