From d00950be81d3f70ad1e363c75c97dd753dd2f3b5 Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Fri, 5 Apr 2019 13:53:59 +0200
Subject: [PATCH] log/file: use default-log-dir for suricata.log

Default to just suricata.log instead of the full path, so that
in user mode we can log in the user mode location.
---
 src/util-debug.c | 20 ++++++++++++--------
 src/util-debug.h |  2 +-
 suricata.yaml.in |  2 +-
 3 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/src/util-debug.c b/src/util-debug.c
index e4f303711a..678b0e0050 100644
--- a/src/util-debug.c
+++ b/src/util-debug.c
@@ -1397,8 +1397,17 @@ void SCLogLoadConfig(int daemon, int verbose)
                     "Logging to file requires a filename");
                 exit(EXIT_FAILURE);
             }
+            char *path = NULL;
+            if (!(PathIsAbsolute(filename))) {
+                path = SCLogGetLogFilename(filename);
+            } else {
+                path = SCStrdup(filename);
+            }
+            if (path == NULL)
+                FatalError(SC_ERR_FATAL, "failed to setup output to file");
             have_logging = 1;
-            op_iface_ctx = SCLogInitFileOPIface(filename, format, level, type);
+            op_iface_ctx = SCLogInitFileOPIface(path, format, level, type);
+            SCFree(path);
         }
         else if (strcmp(output->name, "syslog") == 0) {
             int facility = SC_LOG_DEF_SYSLOG_FACILITY;
@@ -1454,16 +1463,11 @@ void SCLogLoadConfig(int daemon, int verbose)
  */
 static char *SCLogGetLogFilename(const char *filearg)
 {
-    const char *log_dir;
-    char *log_filename;
-
-    log_dir = ConfigGetLogDirectory();
-
-    log_filename = SCMalloc(PATH_MAX);
+    const char *log_dir = ConfigGetLogDirectory();
+    char *log_filename = SCMalloc(PATH_MAX);
     if (unlikely(log_filename == NULL))
         return NULL;
     snprintf(log_filename, PATH_MAX, "%s/%s", log_dir, filearg);
-
     return log_filename;
 }
 
diff --git a/src/util-debug.h b/src/util-debug.h
index 85b40bcb25..b3fdd50161 100644
--- a/src/util-debug.h
+++ b/src/util-debug.h
@@ -99,7 +99,7 @@ typedef enum {
 #define SC_LOG_DEF_LOG_OP_IFACE SC_LOG_OP_IFACE_CONSOLE
 
 /* The default log file to be used */
-#define SC_LOG_DEF_LOG_FILE "sc_ids_log.log"
+#define SC_LOG_DEF_LOG_FILE "suricata.log"
 
 /* The default syslog facility to be used */
 #define SC_LOG_DEF_SYSLOG_FACILITY_STR "local0"
diff --git a/suricata.yaml.in b/suricata.yaml.in
index e7732fc263..1a58252230 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -596,7 +596,7 @@ logging:
   - file:
       enabled: yes
       level: info
-      filename: @e_logdir@suricata.log
+      filename: suricata.log
       # type: json
   - syslog:
       enabled: no
-- 
2.47.2