Logrotate
Peter Manev edited this page Jun 16, 2020 · 8 revisions
Automatic log rotation is also implemented in /etc/logrotate.d/suricata:
```
/var/log/suricata/eve.json {
    daily
    rotate 30
    olddir /var/log/suricata/StatsByDate/
    compress
    missingok
    notifempty
    dateext
    postrotate
        /bin/kill -HUP $(cat /var/run/suricata.pid)
        /bin/kill -HUP $(cat /var/run/logstash.pid)
    endscript
}

# to see status
# cat /var/lib/logrotate/status
# to manually test -
# logrotate --force /etc/logrotate.d/suricata
```
That rotates eve.json daily and keeps at most 30 days of old logs. You can use the example above for any other log file you would like to rotate. More info about logrotate.
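
The stanza above depends on two things that are easy to break: `olddir` must exist on the same device as the log (logrotate renames the file unless copy, copytruncate or renamecopy is set), and each pid file in `postrotate` must name a live process, otherwise the HUP never reaches Suricata or Logstash. The preflight script below is an added example, not part of the original wiki or of SELKS; the function names are made up for illustration, and it assumes GNU `stat` and enough privilege to signal the daemons.

```shell
#!/bin/sh
# Added example: preflight checks for the eve.json logrotate stanza.
# Function names are illustrative; paths are passed as arguments.

# check_olddir LOGFILE OLDDIR
# olddir must exist and share a device with the log's directory,
# because logrotate moves the rotated file with a rename.
check_olddir() {
    logdir=$(dirname "$1")
    [ -d "$2" ] || { echo "olddir missing: $2"; return 1; }
    [ "$(stat -c %d "$logdir")" = "$(stat -c %d "$2")" ] || {
        echo "olddir is on a different device than $logdir"; return 1; }
    echo "olddir ok: $2"
}

# check_pidfile PIDFILE
# The postrotate HUP only works if the pid file holds the pid of a
# running process; kill -0 probes that without sending a signal.
check_pidfile() {
    [ -r "$1" ] || { echo "pid file missing: $1"; return 1; }
    pid=$(cat "$1")
    case "$pid" in ''|*[!0-9]*) echo "bad pid in $1"; return 1;; esac
    kill -0 "$pid" 2>/dev/null || { echo "stale pid $pid in $1"; return 1; }
    echo "pid ok: $1 ($pid)"
}

# preflight LOGFILE OLDDIR PIDFILE...
# Runs every check, reports all failures, returns non-zero if any failed.
preflight() {
    log=$1; old=$2; shift 2
    rc=0
    check_olddir "$log" "$old" || rc=1
    for p in "$@"; do
        check_pidfile "$p" || rc=1
    done
    return $rc
}

# With the paths from the stanza above (run as root):
# preflight /var/log/suricata/eve.json /var/log/suricata/StatsByDate/ \
#     /var/run/suricata.pid /var/run/logstash.pid
```

A non-zero result before a `logrotate --force` test run points at the condition that would otherwise show up later as an eve.json that stops growing after rotation.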