
Logrotate

Peter Manev edited this page Jun 16, 2020 · 8 revisions

There is also automatic log rotation implemented in /etc/logrotate.d/suricata:

/var/log/suricata/eve.json {
    daily
    rotate 30
    olddir /var/log/suricata/StatsByDate/
    compress
    missingok
    notifempty
    dateext
    postrotate
        /bin/kill -HUP $(cat /var/run/suricata.pid)
        /bin/kill -HUP $(cat /var/run/logstash.pid)
    endscript
}

# to see status:
# cat /var/lib/logrotate/status
# to manually test:
# logrotate --force /etc/logrotate.d/suricata

That would rotate eve.json daily and keep at most 30 days of old logs. You can use the example above for any other log file you would like to rotate. More info about logrotate.
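Why the HUP in postrotate matters, shown as an added Python simulation (not code from this wiki or from Suricata): logrotate renames the active eve.json, but a writer holding the old file descriptor keeps writing into the renamed file until it reopens the path, which is exactly what Suricata does on SIGHUP. The file names are constructed for the demo.

```python
import os
import shutil
import tempfile


def rotate_and_reopen(reopen_on_rotate: bool) -> dict:
    """Simulate a logrotate rename of eve.json and the writer's reaction.

    Returns which file each event line ended up in after rotation.
    """
    workdir = tempfile.mkdtemp()
    live = os.path.join(workdir, "eve.json")
    # dateext-style name for the rotated file (constructed for the demo)
    rotated = os.path.join(workdir, "eve.json-20200616")

    # The "Suricata" side: a long-lived open descriptor appending events.
    writer = open(live, "a")
    writer.write('{"event":1}\n')
    writer.flush()

    # The "logrotate" side: rename the active file (default mode, no copytruncate).
    os.rename(live, rotated)

    if reopen_on_rotate:
        # What the SIGHUP in postrotate achieves: close the stale descriptor
        # and open the configured path again, creating a fresh eve.json.
        writer.close()
        writer = open(live, "a")

    # Next event written after rotation; without the reopen it lands in the
    # rotated (and soon compressed) file and never reaches the new eve.json.
    writer.write('{"event":2}\n')
    writer.close()

    def lines(path):
        if not os.path.exists(path):
            return []
        with open(path) as fh:
            return fh.read().splitlines()

    result = {"live": lines(live), "rotated": lines(rotated)}
    shutil.rmtree(workdir)
    return result


if __name__ == "__main__":
    print("without HUP:", rotate_and_reopen(False))
    print("with HUP:   ", rotate_and_reopen(True))
```

A missing or stale PID file in postrotate silently produces the first outcome, so a pipeline tailing eve.json sees events stop without any error from logrotate itself.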
