From: Jeff Lucovsky <jeff@lucovsky.org>
Date: Wed, 9 Sep 2020 12:59:32 +0000 (-0400)
Subject: log/eve: Ensure eve logs have sequential suffixes
X-Git-Tag: suricata-6.0.0-rc1~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ce603d662f1db0edd09b39cbf5192b7119404da9;p=thirdparty%2Fsuricata.git

log/eve: Ensure eve logs have sequential suffixes

This commit ensures that the eve logs have sequential suffixes without
gaps.
---

diff --git a/src/util-logopenfile.c b/src/util-logopenfile.c
index 3eb6566aba..f3af0c2b2b 100644
--- a/src/util-logopenfile.c
+++ b/src/util-logopenfile.c
@@ -44,6 +44,9 @@
 static bool LogFileNewThreadedCtx(LogFileCtx *parent_ctx, const char *log_path, const char *append, int i);
 static bool SCLogOpenThreadedFileFp(const char *log_path, const char *append, LogFileCtx *parent_ctx, int slot_count);
 
+// Threaded eve.json suffixes
+static SC_ATOMIC_DECL_AND_INIT_WITH_VAL(uint32_t, eve_file_suffix, 1);
+
 #ifdef BUILD_WITH_UNIXSOCKET
 /** \brief connect to the indicated local stream socket, logging any errors
  *  \param path filesystem path to connect to
@@ -721,7 +724,7 @@ static bool LogFileNewThreadedCtx(LogFileCtx *parent_ctx, const char *log_path,
 
     *thread = *parent_ctx;
     char fname[NAME_MAX];
-    snprintf(fname, sizeof(fname), "%s.%d", log_path, thread_id);
+    snprintf(fname, sizeof(fname), "%s.%d", log_path, SC_ATOMIC_ADD(eve_file_suffix, 1));
     SCLogDebug("Thread open -- using name %s [replaces %s]", fname, log_path);
     thread->fp = SCLogOpenFileFp(fname, append, thread->filemode);
     if (thread->fp == NULL) {
@@ -745,6 +748,7 @@ static bool LogFileNewThreadedCtx(LogFileCtx *parent_ctx, const char *log_path,
     return true;
 
 error:
+    SC_ATOMIC_SUB(eve_file_suffix, 1);
     if (thread->fp) {
         thread->Close(thread);
     }