[Oisf-users] Any solution about rotating suricata logs?
carlopmart
carlopmart at gmail.com
Tue Nov 29 05:46:03 EST 2011
On Tue, 29 Nov 2011, Edward Fjellskål wrote:
> On 11/29/2011 09:58 AM, carlopmart wrote:
>
> Hi all,
>
> Due to a lot of information stored under http.log, I need to run logrotate
> on it. Searching the mailing list about this in particular, I see this:
>
> http://lists.openinfosecfoundation.org/pipermail/oisf-devel/2011-September/000726.html
>
> Is there any "clean" solution to do this?
>
>
>
> logrotate + copytruncate ?
>
> basically it does something like:
> cp http.log http.log.1 && > http.log
>
> If you gzip the files, you should get about 80-90% reduction in size,
> and if you use zgrep to grep for stuff in the gzipped log files, it can actually be faster
> than using grep on the uncompressed files.
>
> My tests here now:
> http.log = 1.3 GB
> http.log.gz = 174 MB
>
> time grep google http.log > /dev/null
> real 0m23.604s
>
> time zgrep google http.log.gz > /dev/null
> real 0m8.332s
>
Oops ... You're right, Edward. Many thanks.
---
CL Martinez
carlopmart {at} gmail {d0t} com
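
The copy-then-truncate rotation suggested in the thread, as an added example that is not part of the original messages: it shows that the live log keeps its inode, so a writer holding the file open keeps logging without a restart. The function names, the temporary path and the sample log lines are constructed for illustration, and the writer is assumed to have the file open in append mode.

```shell
#!/bin/sh
# Added example: function names, paths and log lines are assumptions.

# rotate_copytruncate LOGFILE
# Copy LOGFILE to LOGFILE.1, empty LOGFILE in place, then gzip the copy.
rotate_copytruncate() {
    log=$1
    [ -f "$log" ] || return 1
    cp -p "$log" "$log.1" || return 1
    : > "$log" || return 1        # truncate in place; the inode is unchanged
    gzip -f "$log.1"
}

# inode_of FILE: print the inode number of FILE.
inode_of() {
    ls -i "$1" | awk '{print $1}'
}

# demo: simulate a long-running writer, rotate underneath it, and check
# that old lines ended up in the .gz and new lines in the same live file.
demo() {
    dir=$(mktemp -d) || return 1
    log="$dir/http.log"
    exec 3>>"$log"                # stand-in for the sensor's open log handle
    echo "GET /search google.example" >&3
    echo "GET /index other.example" >&3
    before=$(inode_of "$log")
    rotate_copytruncate "$log" || return 1
    echo "GET /new google.example" >&3    # written after rotation
    exec 3>&-
    after=$(inode_of "$log")
    # Same search zgrep performs on the compressed copy.
    old_hits=$(gzip -dc "$log.1.gz" | grep -c google)
    new_lines=$(wc -l < "$log" | tr -d ' ')
    rm -rf "$dir"
    [ "$before" = "$after" ] && [ "$old_hits" = 1 ] && [ "$new_lines" = 1 ]
}
```

Lines written between the `cp` and the truncate are lost, so the rotation is best scheduled for a quiet period if every request must be retained.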