Hi,
we use suricata Version 6.0.1.
Each time we use the suricatasc tool, we get the following log entry in /var/log/suricata/suricata.log
<Info> - Unix socket: lost connection with client
Seems that suricatasc not terminating the session correctly.
Does anybody have the same behavior?
Not sure if this is a bug.
Hi,
how do you run and “exit” suricatasc? And yes I see that message quite often. It shouldn’t be an issue but maybe something worth to improve a bit more.
Hi Andreas,
we use suricatasc within a cronjob as reload-command for suricata-update
suricata-update --reload-command='suricatasc -c ruleset-reload-nonblocking'
But the Info <Info> - Unix socket: lost connection with client is shown on every use of suricatasc.
If I just type suricatasc and terminate with quit the Info is shown in the log.
I can´t see any issues on the systems, is just the log entries for each cron run.
Should I make a bug Ticket?
I would say so. I looked into the code section and there is even a spot where this messages is just for Debug output in the “UnixCommandRun” function. I would argue that it either should not be logged or rephrased to “connection closed by client”. So I would see it more like a notification. I will let the other Devs think about that as well 
I would argue that unix-socket: Avoid spurious logs on close · OISF/suricata@a64783b · GitHub matches your case. I still think the message could be improved.
I highly recommend to update 6.0.1 to 6.0.4 not only for improvements but also security fixes.
that fits. Many thanks for your help!