[Oisf-users] Rotated log files created, but logs go to rotated files

Jeremy MJ jskier at gmail.com
Wed Jun 24 13:00:38 UTC 2015


Doing the force rotation was fine, but overnight appears to be stuck
on rotating into the rotated file. Very weird. The filesystem is zfs,
so it could be that.

Trying to run HUP as root as suggested. I'll do some more testing
first before putting in the issue.

--
Jeremy MJ


On Tue, Jun 23, 2015 at 11:29 AM, Jason Ish <lists at unx.ca> wrote:
> On Tue, Jun 23, 2015 at 10:19 AM, Oliver Humpage <oliver at watershed.co.uk> wrote:
>>
>> On 23 Jun 2015, at 16:14, Jeremy MJ <jskier at gmail.com> wrote:
>>
>>> Okay, confirmed eve-log outputs appear to rotate fine, so switched
>>> over to only those for now. Below is the current suri config I'm
>>> testing.
>>
>> I found a very similar thing when I forgot to HUP suricata.
>>
>> I'm just wondering, perhaps su-ing to suri/suri means it's not HUPping the process for some reason.
>>
>> If you run the HUP postrotate line manually as root after doing a logrotate (you'll have to put the "create" line back in), does it start writing to the new files?
>>
>
> So it looks like JSON outputs configured with <name>-json-log are not
> hooked into the rotation system, whereas the eve-log output is.  So
> one solution is to use multiple eve-log configurations with just the
> output you want and its filename.
>
> Jeremy: Would you like to create a ticket for this, including a
> portion from your suricata.yaml?
>
> Thanks,
> Jason
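
Added example, not part of the original thread and not the Suricata project's own configuration: the workaround Jason describes (several eve-log outputs, each limited to one event type and given its own filename) sketched as a suricata.yaml fragment. The filenames and the choice of the dns and http event types are assumptions; check the key names against the suricata.yaml shipped with your version.

```yaml
outputs:
  # One eve-log instance per event type, each writing to its own file.
  # Per the thread, eve-log outputs are hooked into the rotation
  # system, so each file is reopened when Suricata is sent HUP.
  - eve-log:
      enabled: yes
      filename: eve-dns.json    # assumed filename
      types:
        - dns
  - eve-log:
      enabled: yes
      filename: eve-http.json   # assumed filename
      types:
        - http
```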


