[Oisf-users] Rotating Suricata logs
Ralph Adame
radame at radame.org
Sun Jul 18 12:58:50 UTC 2010
Hi all. Does anyone have fast.log successfully rotating (fast.log,
fast.log.1.gz, etc.) via rsyslog on Ubuntu 10.04?
I have the following configured in suricata.yaml,
  - fast:
      enabled: yes
      facility: local5.info
and the standard file defined in /etc/logrotate.d/
/var/log/suricata/fast.log {
    rotate 6
    daily
    compress
    missingok
    notifempty
    sharedscripts
    postrotate
        reload rsyslog >/dev/null 2>&1 || true
    endscript
}
Logging works fine, but when log rotation happens each morning Suricata stops
logging to fast.log altogether. Rotation works fine for Snort, just
wondering if this is a Suricata issue or Ubuntu. Thank you.
- rad