[Oisf-users] Don't need no stinking logs
James Moe
jimoe at sohnen-moe.com
Thu Dec 13 18:05:09 UTC 2018
On 12/12/2018 2.19 PM, Peter Manev wrote:
> rollover - you mean logrotate ?
>
Yes.
> > or when suricata is restarted it doesn't not repopulate ?
>
Yes.
Non-repopulation is more likely with a reload than a restart.
Today, stats.log is logging.
----[ custom logrotate ]----
# Filename: logrotate-suricata
# 20181112: Suricata is restarted separately.
#
compress
compresscmd /usr/bin/xz
#
/data01/var/log/suricata/fast.log {
    dateext
    maxage 3
    rotate 1
    size=2M
    create
    notifempty
    missingok
    postrotate
        chmod 644 /data01/var/log/suricata/*.log
    endscript
}
#
/data01/var/log/suricata/alert-debug.log
/data01/var/log/suricata/drop.log /data01/var/log/suricata/eve.json.log
/data01/var/log/suricata/stats.log /data01/var/log/suricata/dns.log {
    dateext
    maxage 50
    rotate 6
    size=2M
    create
    notifempty
    missingok
    postrotate
        chmod 644 /data01/var/log/suricata/*.log
    endscript
}
----[ end ]----
----[ cron rules ]----
53 04 * * * /usr/local/etc/init.d/suricata-ctl rules
57 04 * * * /usr/sbin/logrotate /data01/var/log/suricata/logrotate-suricata
59 04 * * * /usr/bin/systemctl restart suricata.service
----[ end ]----
--
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
Think.