From: Mats Klepsland <mats.klepsland@gmail.com>
Date: Wed, 22 Feb 2017 06:54:26 +0000 (+0100)
Subject: doc: add documentation for eve-log file permissions
X-Git-Tag: suricata-4.0.0-beta1~243
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3b233876640afa8efa9a2a2798535f256d63ed4d;p=thirdparty%2Fsuricata.git

doc: add documentation for eve-log file permissions
---

diff --git a/doc/userguide/output/eve/eve-json-output.rst b/doc/userguide/output/eve/eve-json-output.rst
index 800bf11750..d89430ebef 100644
--- a/doc/userguide/output/eve/eve-json-output.rst
+++ b/doc/userguide/output/eve/eve-json-output.rst
@@ -268,6 +268,23 @@ For most output types, you can add multiple:
 
 Except for ``drop`` for which only a single logger instance is supported.
 
+File permissions
+~~~~~~~~~~~~~~~~
+
+Log file permissions can be set individually for each logger. ``filemode`` can be used to
+control the permissions of a log file, e.g.:
+
+::
+
+  outputs:
+    - eve-log:
+        enabled: yes
+        filename: eve.json
+        filemode: 600
+
+The example above sets the file permissions on ``eve.json`` to 600, which means that it is
+only readable and writable by the owner of the file.
+
 JSON flags
 ~~~~~~~~~~