[Oisf-users] Log Rotation with Suricata
Yasha Zislin
coolyasha at hotmail.com
Mon Jul 7 15:15:26 UTC 2014
Thank you Peter and David.
I will give it a shot.
Date: Mon, 7 Jul 2014 10:07:37 -0500
Subject: Re: [Oisf-users] Log Rotation with Suricata
From: davidvasil at gmail.com
To: coolyasha at hotmail.com
CC: oisf-users at lists.openinfosecfoundation.org
Yasha, I've used the following with success. The 'copytruncate' directive is what you want to allow suricata to continue writing to the same file handle while rotating off old stats.
"/var/log/suricata/stats.log" {
    daily
    compress
    copytruncate
    rotate 7
    missingok
}
-david vasil
On Mon, Jul 7, 2014 at 10:02 AM, Yasha Zislin <coolyasha at hotmail.com> wrote:
I am trying to logrotate stats.log file
My logrotate config for that file is
/var/log/suricata/stats.log {
missingok
notifempty
size 20k
weekly
create 0640 suricata suricata
}
I am not an expert on logrotate but this was working for other system files like syslog.
So stats.log rotated this past Friday but Suricata is still writing to the old file.
-rw-r----- 1 suricata suricata 0 Jul 6 03:12 stats.log
-rw-r----- 1 root root 1019158188 Jul 7 11:01 stats.log-20140706
Does anybody know how to get logrotation configured with Suricata for stats.log file?
Thanks.
_______________________________________________
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
OISF: http://www.openinfosecfoundation.org/
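
The behaviour discussed in this thread, as an added example that is not part of the original messages: a process that opens its log once keeps writing to the same inode after a rename-and-create rotation, while copytruncate empties the file in place so the open handle stays valid. The temporary paths, the function name rotate_demo and the append-mode writer are assumptions made for the demonstration; no Suricata or logrotate binary is involved.

```shell
#!/bin/sh
# Constructed demonstration: file descriptor 3 stands in for a daemon that
# opens its log once (append mode, assumed) and never reopens it.

rotate_demo() {   # $1 = create | copytruncate; prints where later writes land
    mode=$1
    dir=$(mktemp -d) || return 1
    log=$dir/stats.log

    exec 3>>"$log"                      # the "daemon" opens the log once
    echo "before rotation" >&3

    case $mode in
        create)
            # rename, then create a new empty file (what "create" does)
            mv "$log" "$log-rotated"
            : >"$log"
            ;;
        copytruncate)
            # copy the contents away, then truncate the original in place
            cp "$log" "$log-rotated"
            : >"$log"
            ;;
        *)
            exec 3>&-; rm -rf "$dir"; return 2
            ;;
    esac

    echo "after rotation" >&3           # daemon writes to the handle it holds
    exec 3>&-

    if grep -q "after rotation" "$log"; then
        echo live                       # new data is in stats.log
    elif grep -q "after rotation" "$log-rotated"; then
        echo rotated                    # new data followed the renamed inode
    else
        echo lost
    fi
    rm -rf "$dir"
}

for m in create copytruncate; do
    printf '%-12s -> later writes land in the %s file\n' "$m" "$(rotate_demo "$m")"
done
```

With copytruncate, lines written between the copy and the truncate can be lost, and the `create` directive has no effect; both are documented in the logrotate man page.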