[Oisf-users] Any solution about rotating suricata logs?
Edward Fjellskål
edwardfjellskaal at gmail.com
Tue Nov 29 10:08:50 UTC 2011
On 11/29/2011 09:58 AM, carlopmart wrote:
> Hi all,
>
> Due to a lot information stored under http.log, I need to run logrotate
> on it. Searching mailing list about this particular, I see this:
>
> http://lists.openinfosecfoundation.org/pipermail/oisf-devel/2011-September/000726.html
>
> Exists any "clean" solution to do this??
>
> ---
> CL Martinez
> carlopmart {at} gmail {d0t} com
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
/logrotete + copytruncate/ ?
basically it does something like:
cp http.log http.log.1 && > http.log
If you gzip the files, you should get about 80-90% reduction. in size.
and if you use zgrep to grep for stuff in the gziped log files, it can
actually be faster
than using grep on the uncompressed files.
My tests here now:
http.log = 1.3 GB
http.log.gz = 174 MB
time grep google http.log > /dev/null
real 0m23.604s
time zgrep google http.log.gz > dev/null
real 0m8.332s
E
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20111129/189f5d3e/attachment-0002.html>
More information about the Oisf-users
mailing list