[Oisf-users] Rotated log files created, but logs go to rotated files

Jason Ish lists at unx.ca
Tue Jun 23 16:29:56 UTC 2015


On Tue, Jun 23, 2015 at 10:19 AM, Oliver Humpage <oliver at watershed.co.uk> wrote:
>
> On 23 Jun 2015, at 16:14, Jeremy MJ <jskier at gmail.com> wrote:
>
>> Okay, confirmed eve-log outputs appear to rotate fine, so switched
>> over to only those for now. Below is the current suri config I'm
>> testing.
>
> I found a very similar thing when I forgot to HUP suricata.
>
> I'm just wondering, perhaps su-ing to suri/suri means it's not HUPping the process for some reason.
>
> If you run the HUP postrotate line manually as root after doing a logrotate (you'll have to put the "create" line back in), does it start writing to the new files?
>

So it looks like JSON outputs configured with <name>-json-log are not
hooked into the rotation system, whereas the eve-log output is.  So
one solution is to use multiple eve-log configurations with just the
output you want and its filename.

Jeremy: Would you like to create a ticket for this, including a
portion from your suricata.yaml?

Thanks,
Jason
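
The workaround described above, sketched as a suricata.yaml fragment. This is an added example, not configuration from the thread or from Jeremy's setup; the file names and the choice of event types are assumptions.

```yaml
# Added example: one eve-log instance per event type, each with its own file,
# in place of the standalone <name>-json-log outputs.
# File names and selected types below are assumed for illustration.
outputs:
  - eve-log:
      enabled: yes
      type: file
      filename: http.json   # assumed name
      types:
        - http

  - eve-log:
      enabled: yes
      type: file
      filename: dns.json    # assumed name
      types:
        - dns

  - eve-log:
      enabled: yes
      type: file
      filename: tls.json    # assumed name
      types:
        - tls
```

Each of these files still needs to be covered by the logrotate stanza, and the HUP in postrotate discussed earlier in the thread is what makes Suricata reopen them.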
