Le 26 janvier 2026 20:32:26 GMT+01:00, Andreas Dolp <dev@andreas- dolp.de> a écrit : >Control: tags -1 +confirmed >Control: found -1 suricata/2.0.8-1 >Control: severity -1 minor > >Hi Alban, > >thanks for reporting this. > >I could reproduce this behaviour on a current Debian trixie with suricata/1:7.0.10-1+deb13u2. > >To do so, I started suricata to generate some logfiles like the eve.json and then stopped it by `systemctl stop suricata`. Running `logrotate --force /etc/logrotate.conf` led to the error (`cat: /var/run/suricata.pid: No such file or directory`) as you stated, so I think I can confirm this as a bug. > >According to the git history, the postrotate-line was introduced in de06e0eb [3], which was suricata/2.0.8-1 and it's even there in the current unstable suricata/1:8.0.3-1. > >For unstable I will do a fix in accordance to the upstream docs about logrotate, see [1], so that we get a little closer to the upstream recommendations.
Agreed even if I prefer not to run a command unnecessarily. I've if the profile does not exists the kill command should not run instead of running it but ignoring it's error. But it should be discussed with upstream to get the doc changed or kept as is if no agreement. So fine with me about this upstream fix. > >Because this is probably of severity minor [2], there will be no fix for trixie. As a workaroud, the postrotate command from the upstream docs can be used in an individual logrotate config. I disagree with this being a minor bug. Indeed it is minor for suricata itself. But it breaks logrotate completely. As far as I understand no further log rotation happens after this error. Log rotate is dead. So it might breaks other packages. This is not minor. Please revert the severity. >Best regards, >Andreas > >[1] https://docs.suricata.io/en/suricata-8.0.3/output/log-rotation.html >[2] https://www.debian.org/Bugs/Developer#severities >[3] https://salsa.debian.org/pkg-suricata-team/pkg-suricata/-/commit/de06e0eb >
