Control: tags -1 +confirmed Control: found -1 suricata/2.0.8-1 Control: severity -1 minor
Hi Alban, thanks for reporting this.I could reproduce this behaviour on a current Debian trixie with suricata/1:7.0.10-1+deb13u2.
To do so, I started suricata to generate some logfiles like the eve.json and then stopped it by `systemctl stop suricata`. Running `logrotate --force /etc/logrotate.conf` led to the error (`cat: /var/run/suricata.pid: No such file or directory`) as you stated, so I think I can confirm this as a bug.
According to the git history, the postrotate-line was introduced in de06e0eb [3], which was suricata/2.0.8-1 and it's even there in the current unstable suricata/1:8.0.3-1.
For unstable I will do a fix in accordance to the upstream docs about logrotate, see [1], so that we get a little closer to the upstream recommendations.
Because this is probably of severity minor [2], there will be no fix for trixie. As a workaroud, the postrotate command from the upstream docs can be used in an individual logrotate config.
Best regards, Andreas [1] https://docs.suricata.io/en/suricata-8.0.3/output/log-rotation.html [2] https://www.debian.org/Bugs/Developer#severities[3] https://salsa.debian.org/pkg-suricata-team/pkg-suricata/-/commit/de06e0eb
OpenPGP_0xD74D4EE0580CA4FC.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
