Suricatasc / Unix socket: lost connection with client

we use suricata Version 6.0.1.
Each time we use the suricatasc tool, we get the following log entry in /var/log/suricata/suricata.log

<Info> - Unix socket: lost connection with client

Seems that suricatasc not terminating the session correctly.
Does anybody have the same behavior?
Not sure if this is a bug.


how do you run and “exit” suricatasc? And yes I see that message quite often. It shouldn’t be an issue but maybe something worth to improve a bit more.

Hi Andreas,

we use suricatasc within a cronjob as reload-command for suricata-update

suricata-update --reload-command='suricatasc -c ruleset-reload-nonblocking'

But the Info <Info> - Unix socket: lost connection with client is shown on every use of suricatasc.
If I just type suricatasc and terminate with quit the Info is shown in the log.
I can´t see any issues on the systems, is just the log entries for each cron run.

Should I make a bug Ticket?

I would say so. I looked into the code section and there is even a spot where this messages is just for Debug output in the “UnixCommandRun” function. I would argue that it either should not be logged or rephrased to “connection closed by client”. So I would see it more like a notification. I will let the other Devs think about that as well :slight_smile:

I would argue that unix-socket: Avoid spurious logs on close · OISF/suricata@a64783b · GitHub matches your case. I still think the message could be improved.

I highly recommend to update 6.0.1 to 6.0.4 not only for improvements but also security fixes.

1 Like

that fits. Many thanks for your help!