[Oisf-users] Rotating Suricata logs
Victor Julien
victor at inliniac.net
Mon Jul 19 21:29:50 UTC 2010
I've seen this before in other Linux programs. We might need to
implement reloading of the file on a HUP signal or similar.
Anyone with other ideas?
Cheers,
Victor
Ralph Adame wrote:
> Hi all. Does anyone have fast.log successfully rotating (fast.log,
> fast.log.1.gz, etc..) via rsyslog on Ubuntu 10.04?
>
> I have the following configured in suricata.yaml,
>
> - fast:
>     enabled: yes
>     facility: local5.info
>
> and the standard file defined in /etc/logrotate.d/
>
> /var/log/suricata/fast.log {
>     rotate 6
>     daily
>     compress
>     missingok
>     notifempty
>     sharedscripts
>     postrotate
>         reload rsyslog >/dev/null 2>&1 || true
>     endscript
> }
>
> Logging works fine but when log rotation happens each morning Suricata
> stops logging to fast.log altogether. Rotation works fine for Snort,
> just wondering if this is a Suricata issue or Ubuntu. Thank you.
>
> - rad
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
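
The idea raised in the reply above (reopen the log file on a HUP signal), sketched as an added example. It is not Suricata code and not part of the original thread; the names `log_open`, `log_write`, `count_lines` and `log_close` are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names; not Suricata source. The handler only sets a flag. */
static volatile sig_atomic_t reopen_requested;
static FILE *log_fp;
static char log_path[256];
static void on_sighup(int sig) { (void)sig; reopen_requested = 1; }

/* Open the log in append mode and install the SIGHUP handler. */
int log_open(const char *path) {
    struct sigaction sa;
    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = on_sighup;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART;
    if (sigaction(SIGHUP, &sa, NULL) != 0) return -1;
    snprintf(log_path, sizeof(log_path), "%s", path);
    log_fp = fopen(log_path, "a");
    return log_fp ? 0 : -1;
}

/* After a HUP, reopen by path so output goes to the new file rather than
 * the inode that was renamed away. Keep the old handle if reopen fails. */
int log_write(const char *line) {
    if (reopen_requested) {
        reopen_requested = 0;
        FILE *fp = fopen(log_path, "a");
        if (fp != NULL) {
            if (log_fp) fclose(log_fp);
            log_fp = fp;
        }
    }
    if (log_fp == NULL || fprintf(log_fp, "%s\n", line) < 0) return -1;
    return fflush(log_fp) == 0 ? 0 : -1;
}

/* Number of lines in a file, or -1 if it does not exist. */
int count_lines(const char *path) {
    FILE *fp = fopen(path, "r");
    int c, n = 0;
    if (fp == NULL) return -1;
    while ((c = fgetc(fp)) != EOF) if (c == '\n') n++;
    fclose(fp);
    return n;
}
void log_close(void) { if (log_fp) { fclose(log_fp); log_fp = NULL; } }
```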