Closed
Description
Describe the bug
Enabling Suricata Analysis in the config file results in an error in the docker container.
To Reproduce
Use the Malcolm or hedgehog profile installed via docker and select Enable Suricata Analysis.
Expected behavior
The docker container to start without issue.
**Screenshots and/or Logs**
```
usermod: no changes
root
uid=0(root) gid=0(root) groups=0(root)
2026-01-06 20:18:34,497 CRIT Server 'unix_http_server' running without any HTTP authentication checking
{"level":"warning","msg":"process reaping disabled, not pid 1","time":"2026-01-06T20:18:35Z"}
{"level":"info","msg":"read crontab: /etc/crontab","time":"2026-01-06T20:18:35Z"}
Error: suricata: The logging directory "/var/log/suricata/live" supplied at the command-line (-l /var/log/suricata/live) doesn't exist. Shutting down the engine.
```
Malcolm Version:
- Version malcolm-25.12.1-docker
How are you running Malcolm?
- [ ] ISO installed (on VM or dedicated hardware)
- [x] via Docker on Linux
- [ ] via Docker on Microsoft Windows
- [ ] via Docker on macOS
- [ ] via Kubernetes (please provide platform details: e.g., on-prem K3s, Amazon AWS EKS, Microsoft Azure AKS, etc.)
- [ ] other (please describe)
Status
Invalid