From: Victor Julien <victor@inliniac.net>
Date: Thu, 6 Dec 2012 13:48:56 +0000 (+0100)
Subject: unified2: append open instead of trucate open so that in case we rotate within a... 
X-Git-Tag: suricata-1.4~12
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=72443a0d62fb335652f68fdc89437006ba23fb31;p=thirdparty%2Fsuricata.git

unified2: append open instead of trucate open so that in case we rotate within a second we don't overwrite files. Instead we violate the limit.
---

diff --git a/src/alert-unified2-alert.c b/src/alert-unified2-alert.c
index 07bd44d7f7..6ee07478ac 100644
--- a/src/alert-unified2-alert.c
+++ b/src/alert-unified2-alert.c
@@ -1084,7 +1084,7 @@ int Unified2AlertOpenFileCtx(LogFileCtx *file_ctx, const char *prefix)
 
     snprintf(filename, PATH_MAX, "%s/%s.%" PRIu32, log_dir, prefix, (uint32_t)ts.tv_sec);
 
-    file_ctx->fp = fopen(filename, "wb");
+    file_ctx->fp = fopen(filename, "ab");
     if (file_ctx->fp == NULL) {
         SCLogError(SC_ERR_FOPEN, "failed to open %s: %s", filename,
             strerror(errno));