[ERRCODE: SC_ERR_LOGDIR_CONFIG(116)] - (default-log-dir) is not writable

Hi all,

I use Suricata 6.0.1 in Docker. My image usually works fine, but this time, on CentOS 7.9, I get an error message when I try to launch my container.

sonde_ids | Error opening file /var/log/suricata//suricata.log
sonde_ids | 27/2/2021 -- 00:09:25 - - This is Suricata version 6.0.1 RELEASE running in SYSTEM mode
sonde_ids | 27/2/2021 -- 00:09:25 - - [ERRCODE: SC_ERR_LOGDIR_CONFIG(116)] - The logging directory "/var/log/suricata/" supplied by /etc/suricata/suricata.yaml (default-log-dir) is not writable. Shutting down the engine

I put 777 rights on /var/log/suricata/ and I have the same error.

Do you have an idea of the problem?

Thanks

SELinux can make this happen. It's easily fixable by adding ":z" to the end of your volume. Otherwise there could be many reasons… If you post how you launch the container it might help figure out what's up.
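
To see the case described above, where mode 777 is not enough, here is an added example that is not part of the thread: the hypothetical helper `check_logdir` prints the directory's permission bits next to the SELinux mode and label, then attempts a real write. Run inside the container, the probe fails while the mode bits look fine; run on the host, the label printed by `ls -Zd` is the part to look at.

```shell
#!/bin/sh
# Added example, not from the thread. check_logdir is a hypothetical helper.
# Usage: check_logdir /var/log/suricata
# Returns 0 if the directory accepts a write, 1 otherwise.
check_logdir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "missing: $dir is not a directory"
        return 1
    fi

    # Discretionary access control: owner and mode bits (what chmod 777 changes).
    ls -ld "$dir"

    # Mandatory access control: SELinux mode and the directory's label.
    # A host log directory is typically labelled var_log_t; the ":z" volume
    # option relabels it so that container processes may write to it.
    if command -v getenforce >/dev/null 2>&1; then
        echo "selinux: $(getenforce)"
        ls -Zd "$dir" || true
    else
        echo "selinux: tools not installed here"
    fi

    # The only test that matters to Suricata: can this process create a file?
    probe="$dir/.write_probe.$$"
    if ( : > "$probe" ) 2>/dev/null; then
        rm -f "$probe"
        echo "result: writable"
        return 0
    fi
    echo "result: not writable (if the mode bits allow it, suspect SELinux)"
    return 1
}
```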

Thanks a lot Jason. It works. You saved my life :smiley:

Here is my docker-compose file with your update

    version: '2.3'
    services:
      suricata:
        build: .
        container_name: suricata_ids
        restart: always
        network_mode: "host"
        cap_add:
          - NET_ADMIN
          - SYS_NICE
          - NET_RAW
        image: "suricata_ids:1"
        volumes:
          - /var/log/suricata:/var/log/suricata:z

Do you think I can improve it?

I think the only thing I do different is also have /etc/suricata as a volume, so I can edit the config from the host.

And if I have the same error, but in the Ubuntu terminal and not in Docker, what can I do?