Unix reopen command #3081
Unix reopen command #3081
Conversation
We did had a race condition with running logrotate with multiple EVE Json files. Consequence was one of the file not being reopen by suricata that did continue to write to the rotated one. Trying fix on signal handler did fail so this patch implements log rotation support by adding a dedicated command to unix socket to reopen the log files.
|
@jasonish can you have a look at this? Looks ok to me but I do wonder if there is any risk around synchronization/threading. E.g. if both unix-socket and signals code would act in parallel. |
|
for info - this PR solves a problem of logrotating that i have observed on live traffic boxes that i have discussed with @jasonish a while back ago. |
|
What about making the "flag" value volatile? Looking at this, I think it should have been made volatile from the start. It should not require synchronization then over what volatile already provides. |
|
On 13-12-17 14:10, Jason Ish wrote:
What about making the "flag" value volatile? Looking at this, I think it
should have been made volatile from the start. It should not require
synchronization then over what volatile already provides.
In that case I prefer making it an atomic. Those are free except for
'sets', so should be a good fit.
But the list we're walking is static after init, right?
|
Yup, even better.
Correct. |
|
Added the atomic flag thing as a ticket: https://redmine.openinfosecfoundation.org/issues/2378 I don't think it should block this PR. |
|
Merged through #3104, thanks Eric! |
Add a unix socket command to trigger log files reopening.
Link to redmine ticket:
Describe changes:
PRScript output: