[Oisf-users] Log Rotation with Suricata
Peter Manev
petermanev at gmail.com
Mon Jul 7 15:07:32 UTC 2014
> On 7 jul 2014, at 17:02, Yasha Zislin <coolyasha at hotmail.com> wrote:
>
> I am trying to logrotate stats.log file
>
> My logrotate config for that file is
> /var/log/suricata/stats.log {
>     missingok
>     notifempty
>     size 20k
>     weekly
>     create 0640 suricata suricata
> }
>
> I am not an expert on logrotate but this was working for other system files like syslog.
>
> So stats.log rotated this past Friday but Suricata is still writing to the old file.
You should use the "copytruncate" option as well ...
size 20k - is way too small in my opinion.
> -rw-r----- 1 suricata suricata 0 Jul 6 03:12 stats.log
> -rw-r----- 1 root root 1019158188 Jul 7 11:01 stats.log-20140706
>
> Does anybody know how to get logrotation configured with Suricata for stats.log file?
>
> Thanks.
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/
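The listing quoted above (an empty stats.log next to a rotated file that keeps growing) can be reproduced with the following sketch, which is an added example and not part of the original thread. It assumes a temporary directory, the shell's file descriptor 3 standing in for Suricata's open log handle, and `stats.log-1` as a constructed name for the rotated file.

```shell
#!/bin/sh
# Added demonstration, not from the thread. The shell's fd 3 stands in for
# Suricata, which opens stats.log once and keeps writing to that descriptor.

size() { echo $(( $(wc -c < "$1") )); }   # byte count without padding

# rotate_demo MODE -> prints "<bytes in stats.log> <bytes in stats.log-1>"
rotate_demo() {
    dir=$(mktemp -d) || return 1
    log="$dir/stats.log"

    exec 3>>"$log"                # writer: open in append mode, keep fd open
    echo "before" >&3             # 7 bytes written before rotation

    case "$1" in
        create)
            mv "$log" "${log}-1"  # rename: the open fd follows the inode
            : > "$log"            # "create": a new, separate empty file
            ;;
        copytruncate)
            cp "$log" "${log}-1"  # copy the contents aside
            : > "$log"            # truncate in place: same inode, fd still valid
            ;;
        *)
            exec 3>&-; rm -rf "$dir"; return 2 ;;
    esac

    echo "after" >&3              # 6 bytes written after rotation
    exec 3>&-

    echo "$(size "$log") $(size "${log}-1")"
    rm -rf "$dir"
}

rotate_demo create         # 0 13: new file stays empty, rotated file keeps growing
rotate_demo copytruncate   # 6 7: the writer continues in stats.log
```

With `copytruncate`, lines written between the copy and the truncate are lost, which the logrotate manual documents as a limitation of the option.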