[Oisf-users] Log Rotation with Suricata
David Vasil
davidvasil at gmail.com
Mon Jul 7 15:07:37 UTC 2014
Yasha,
I've used the following with success. The 'copytruncate' directive is
what you want to allow suricata to continue writing to the same file handle
while rotating off old stats.
"/var/log/suricata/stats.log" {
    daily
    compress
    copytruncate
    rotate 7
    missingok
}
-david vasil
On Mon, Jul 7, 2014 at 10:02 AM, Yasha Zislin <coolyasha at hotmail.com> wrote:
> I am trying to logrotate stats.log file
>
> My logrotate config for that file is
> /var/log/suricata/stats.log {
>     missingok
>     notifempty
>     size 20k
>     weekly
>     create 0640 suricata suricata
> }
>
> I am not an expert on logrotate but this was working for other system
> files like syslog.
>
> So stats.log rotated this past Friday but Suricata is still writing to
> the old file.
> -rw-r----- 1 suricata suricata 0 Jul 6 03:12 stats.log
> -rw-r----- 1 root root 1019158188 Jul 7 11:01 stats.log-20140706
>
> Does anybody know how to get logrotation configured with Suricata for
> stats.log file?
>
> Thanks.
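Added example, not part of either message: a constructed shell simulation of why the `create` rotation in the question left the writer appending to the renamed file, while `copytruncate` keeps it on stats.log. It also shows the caveat documented in the logrotate man page that data written between the copy and the truncate can be lost. The function names, temp directory and sample lines are assumptions; fd 3 stands in for Suricata's open file handle.

```sh
#!/bin/sh
# Constructed simulation: fd 3 plays the file handle Suricata keeps open on stats.log.

# simulate MODE DIR: write "before", rotate the way MODE does, then write "after".
simulate() {
    mode=$1; log="$2/stats.log"
    rm -f "$log" "$log.1"
    exec 3>>"$log"                  # writer opens the log once, in append mode
    echo "before" >&3
    case $mode in
        create)                     # rename, then create a new empty file
            mv "$log" "$log.1"      # fd 3 follows the inode to its new name
            : > "$log" ;;           # new inode that the writer never opens
        copytruncate)               # copy, then truncate the original in place
            cp "$log" "$log.1"
            echo "gap" >&3          # arrives after the copy, before the truncate
            : > "$log" ;;           # same inode, so fd 3 stays valid
    esac
    echo "after" >&3
    exec 3>&-
}

# where LINE DIR: name the file(s) holding LINE, or print "lost".
where() {
    found=$(grep -lxF "$1" "$2"/stats.log* 2>/dev/null | sed 's|.*/||' | paste -s -d ' ' -)
    echo "${found:-lost}"
}

demo=$(mktemp -d)
for mode in create copytruncate; do
    simulate "$mode" "$demo"
    echo "$mode: post-rotation line landed in $(where after "$demo")"
done
echo "copytruncate: line written between copy and truncate: $(where gap "$demo")"
rm -rf "$demo"
```

With `create`, the usual alternative to `copytruncate` is a `postrotate` step that makes the daemon reopen its log files, which avoids the copy/truncate gap.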