SC_ERR_LOGDIR_CONFIG(116)] - The logging directory "/var/log/suricata/" supplied by /etc/suricata//suricata.yaml (default-log-dir) is not writable

Vpcap_Tshark · June 23, 2022, 10:48am

I am seeing below error when I am running the test
test@Ubuntu:~$ suricata -T
23/6/2022 – 20:37:03 - - Running suricata under test mode
23/6/2022 – 20:37:03 - - This is Suricata version 6.0.4 RELEASE running in SYSTEM mode
23/6/2022 – 20:37:03 - - [ERRCODE: SC_ERR_LOGDIR_CONFIG(116)] - The logging directory “/var/log/suricata/” supplied by /etc/suricata//suricata.yaml (default-log-dir) is not writable. Shutting down the engine
test@Ubuntu:~$

OS details:
test@Ubuntu:~$ cat /etc/os-release
PRETTY_NAME=“Ubuntu 22.04 LTS”

In the selinux - semanage.conf
below are the uncommented lines
module-store = direct
expand-check=0

suricata.yaml- details
default-log-dir: /var/log/suricata/

the file /var/log/suricata.log - has been made chmod 777

I am still getting this error.

Regards
vpcap

Jeff_Lucovsky · June 23, 2022, 11:32am

The logging directory permissions are causing the issue; you can view them with ls -ld /var/log

You can

Change the logging directory used by Suricata by adding -l /path/to/new/logdir to the command line
Or, change the value of default-log-dir to a directory to which your userid has write permissions
Or, start Suricata with sudo

Topic		Replies	Views
Tail: cannot open ‘/var/log/suricata/suricata.log’ for reading: No such file or directory Help centos , suricata	3	873	November 8, 2022
Suricata-update ERRCODE: when suricata -T runs Rules	7	1707	February 22, 2023
Suricata-update aborts with permission error Help suricata-update	5	499	July 31, 2023
Error when running 4.1.8 but not 5.0.3 Help	6	847	September 9, 2020
Permissions in /var/lib/suricata to update rules as suricata user Help rules	2	96	April 6, 2024

SC_ERR_LOGDIR_CONFIG(116)] - The logging directory "/var/log/suricata/" supplied by /etc/suricata//suricata.yaml (default-log-dir) is not writable

Related Topics