From: Eric Leblond <eric@regit.org>
Date: Mon, 27 Nov 2017 10:23:24 +0000 (+0100)
Subject: unix-socket: add logs reopen command
X-Git-Tag: suricata-4.1.0-beta1~448
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3205a8789b418dc601e85bc90b92d0091834fd7c;p=thirdparty%2Fsuricata.git

unix-socket: add logs reopen command

We did had a race condition with running logrotate with multiple
EVE Json files. Consequence was one of the file not being reopen
by suricata that did continue to write to the rotated one.

Trying fix on signal handler did fail so this patch implements
log rotation support by adding a dedicated command to unix socket
to reopen the log files.
---

diff --git a/src/unix-manager.c b/src/unix-manager.c
index 29f3e9f183..0fae98a879 100644
--- a/src/unix-manager.c
+++ b/src/unix-manager.c
@@ -44,6 +44,7 @@
 
 #include <jansson.h>
 
+#include "output.h"
 #include "output-json.h"
 
 // MSG_NOSIGNAL does not exists on OS X
@@ -839,6 +840,13 @@ static TmEcode UnixManagerListCommand(json_t *cmd,
 }
 
 
+static TmEcode UnixManagerReopenLogFiles(json_t *cmd, json_t *server_msg, void *data)
+{
+    OutputNotifyFileRotation();
+    json_object_set_new(server_msg, "message", json_string("done"));
+    SCReturnInt(TM_ECODE_OK);
+}
+
 #if 0
 TmEcode UnixManagerReloadRules(json_t *cmd,
                                json_t *server_msg, void *data)
@@ -998,6 +1006,7 @@ int UnixManagerInit(void)
     UnixManagerRegisterCommand("add-hostbit", UnixSocketHostbitAdd, &command, UNIX_CMD_TAKE_ARGS);
     UnixManagerRegisterCommand("remove-hostbit", UnixSocketHostbitRemove, &command, UNIX_CMD_TAKE_ARGS);
     UnixManagerRegisterCommand("list-hostbit", UnixSocketHostbitList, &command, UNIX_CMD_TAKE_ARGS);
+    UnixManagerRegisterCommand("reopen-log-files", UnixManagerReopenLogFiles, NULL, 0);
 
     return 0;
 }