[Oisf-users] Rotated log files created, but logs go to rotated files

Jason Ish lists at unx.ca
Fri Jun 26 17:50:21 UTC 2015


On Fri, Jun 26, 2015 at 11:45 AM, Jeremy MJ <jskier at gmail.com> wrote:
> Went to ext4. Odd, I think it has to do with the size of the logs,
> because it will rotate on log rotate force when the files are smaller.
> I see no reason why a moderate size (80MB) rotation will work just fine.
>
> So, there are two issues, one: plain log output isn't working right at
> all (not part of the HUP), two: eve logs do not properly rotate over a
> certain size.

Yes, this is a definite issue which I will address soon.

As for rotation over 80MB?  My eve.log normally gets to 300MB or so
before rotation by logrotate just fine. Anyways, if you are seeing an
issue with rotating large file sizes it's more likely your logrotate
program than Suricata, as all Suricata does on HUP is close the
existing log file, then re-open it - appending if it already exists,
or creating a new file if it doesn't exist, so the size should not be
an issue.

> I will put in these issues shortly,

Thanks,
Jason
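
Added example, not part of the original message and not Suricata's code: a Python sketch of the close-and-reopen behaviour described above, showing that writes follow the renamed file until the writer reopens the path, plus an inode comparison that detects that state. The class and function names are hypothetical, and the rename stands in for what a rotation tool does.

```python
import os
import tempfile


class ReopenableLog:
    """Append-mode log writer with a reopen() step, as described for HUP."""

    def __init__(self, path):
        self.path = path
        self.fh = open(path, "a")

    def write(self, line):
        self.fh.write(line + "\n")
        self.fh.flush()

    def reopen(self):
        # Close the existing file, then re-open by name: appends if the path
        # exists, creates a new file if it does not.
        self.fh.close()
        self.fh = open(self.path, "a")

    def writes_to_current_path(self):
        # The descriptor follows the inode, not the name. After a rename the
        # path is missing or points at a different inode until reopen().
        try:
            on_disk = os.stat(self.path)
        except FileNotFoundError:
            return False
        held = os.fstat(self.fh.fileno())
        return (held.st_dev, held.st_ino) == (on_disk.st_dev, on_disk.st_ino)


def simulate_rotation():
    """Rename the live log, write, reopen, write again (constructed data)."""
    with tempfile.TemporaryDirectory() as d:
        live, rotated = os.path.join(d, "eve.log"), os.path.join(d, "eve.log.1")
        log = ReopenableLog(live)
        log.write("event-1")
        os.rename(live, rotated)      # rotation, writer not yet signalled
        log.write("event-2")          # lands in the rotated file
        stale = not log.writes_to_current_path()
        log.reopen()                  # the close/re-open done on HUP
        log.write("event-3")          # lands in the new live file
        fresh = log.writes_to_current_path()
        log.fh.close()
        with open(rotated) as r, open(live) as n:
            return stale, fresh, r.read().split(), n.read().split()


if __name__ == "__main__":
    print(simulate_rotation())
```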


