[Oisf-users] Suricata 4.0.0-rc1 ready for testing!
Jason Ish
ish at unx.ca
Wed Jun 28 17:48:14 UTC 2017
On 28/06/17 11:39 AM, oisf countersnipe.com wrote:
> Hi Victor
>
> Thank you for the updates. Is there some more detail on
> 'Feature #1636: Signal rotation of unified2 log file without restart'
> in terms of what it replaces/offers as new?
With eve logging (eve.json), if you send Suricata a SIGHUP the file will
be closed and re-opened in append mode. This behaviour now applies to
unified2 as well. It allows an external logrotate tool to move the
current file out of the way, then send a SIGHUP for Suricata to re-open.
As it's append mode, if the file is not moved out of the way, nothing
really happens. So if you use Barnyard2 for processing your unified2 you
don't really have to worry about it.
Hope that helps,
Jason
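
The move-then-SIGHUP sequence described in the message above, as an added shell sketch (not part of the original message and not Suricata project code). The function name, return codes and the paths in the usage comment are assumptions for illustration.

```shell
#!/bin/sh
# Added example: rotate a Suricata log file by rename + SIGHUP.
# Usage (assumed paths, adjust to your install):
#   rotate_and_reopen /var/log/suricata/unified2.alert /var/run/suricata.pid

# rotate_and_reopen LOG PIDFILE
# Prints the rotated file name on success.
# Returns 0 when rotated, 1 when there is nothing to rotate,
# 2 when no usable PID is found or the move/signal fails.
rotate_and_reopen() {
    log=$1
    pidfile=$2

    # Nothing to do for a missing or empty log.
    [ -s "$log" ] || return 1

    # Resolve the PID first, so the file is never moved
    # without a running process to signal afterwards.
    pid=$(cat "$pidfile" 2>/dev/null) || return 2
    case $pid in
        ''|*[!0-9]*) return 2 ;;
    esac
    kill -0 "$pid" 2>/dev/null || return 2

    # Rename inside the same directory: the writer's open descriptor
    # follows the renamed file, so records written between the two
    # steps land in the rotated file instead of being lost.
    rotated="$log.$(date +%Y%m%d-%H%M%S)"
    if [ -e "$rotated" ]; then
        rotated="$rotated.$$"
    fi
    mv -- "$log" "$rotated" || return 2

    # SIGHUP makes the writer close and re-open $log in append mode,
    # which creates a fresh file now that the old one has been moved.
    kill -HUP "$pid" || return 2
    printf '%s\n' "$rotated"
}
```

The rotated file can still grow until the SIGHUP has been handled, so leave a delay before compressing or deleting it.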