[Oisf-users] Don't need no stinking logs
Peter Manev
petermanev at gmail.com
Fri Dec 14 12:44:35 UTC 2018
On Thu, Dec 13, 2018 at 7:05 PM James Moe <jimoe at sohnen-moe.com> wrote:
>
> On 12/12/2018 2.19 PM, Peter Manev wrote:
>
> > rollover - you mean logrotate ?
> >
> Yes.
>
> > > or when suricata is restarted it doesn't not repopulate ?
> >
> Yes.
>
> Non-repopulation is more likely with a reload than a restart.
> Today, stats.log is logging.
>
I may have missed it somewhere else but not sure if you have the HUP
routine in the logrotation -
https://suricata.readthedocs.io/en/latest/output/log-rotation.html?highlight=logrotate
> ----[ custom logrotate ]----
> # Filename: logrotate-suricata
> # 20181112: Suricata is restarted separately.
> #
> compress
> compresscmd /usr/bin/xz
> #
> /data01/var/log/suricata/fast.log {
> dateext
> maxage 3
> rotate 1
> size=2M
> create
> notifempty
> missingok
> postrotate
> chmod 644 /data01/var/log/suricata/*.log
> endscript
> }
> #
> /data01/var/log/suricata/alert-debug.log
> /data01/var/log/suricata/drop.log /data01/var/log/suricata/eve.json.log
> /data01/var/log/suricata/stats.log /data01/var/log/suricata/dns.log {
> dateext
> maxage 50
> rotate 6
> size=2M
> create
> notifempty
> missingok
> postrotate
> chmod 644 /data01/var/log/suricata/*.log
> endscript
> }
> ----[ end ]----
>
>
> ----[ cron rules ]----
> 53 04 * * * /usr/local/etc/init.d/suricata-ctl rules
> 57 04 * * * /usr/sbin/logrotate /data01/var/log/suricata/logrotate-suricata
> 59 04 * * * /usr/bin/systemctl restart suricata.service
> ----[ end ]----
>
>
> --
> James Moe
> moe dot james at sohnen-moe dot com
> 520.743.3936
> Think.
>
--
Regards,
Peter Manev
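
One mechanism behind a log that stays empty after rotation is that a writer's open file descriptor follows the renamed file, not the path. The script below is an added example, not from this thread or the Suricata project: a shell file descriptor stands in for the daemon, the file names in a temp directory are constructed, and the reopen step simulates what the SIGHUP described in the linked log-rotation documentation asks Suricata to do.

```shell
#!/bin/sh
# Constructed demonstration: why a log stays empty after logrotate's
# rename + "create" until the writer reopens it (what SIGHUP triggers).
# File names are throwaway stand-ins, not Suricata's real paths.

# Line count of a file, without wc's padding.
lines() { wc -l < "$1" | tr -d ' '; }

rotate_demo() {
    dir=$(mktemp -d) || return 1
    log="$dir/stats.log"

    # The "daemon" opens its log once and keeps the descriptor (fd 3).
    exec 3>>"$log"
    echo "record 1" >&3

    # What logrotate does with "create": rename the old file,
    # then create a new empty file at the original path.
    mv "$log" "$log-rotated"
    : > "$log"

    # The daemon keeps writing, but fd 3 still points at the renamed inode.
    echo "record 2" >&3
    before_new=$(lines "$log")
    before_old=$(lines "$log-rotated")

    # What a reopen-on-SIGHUP handler does: close and reopen the path.
    exec 3>&-
    exec 3>>"$log"
    echo "record 3" >&3
    exec 3>&-
    after_new=$(lines "$log")
    after_old=$(lines "$log-rotated")

    rm -rf "$dir"
    # Fields: new/old line counts before the reopen, then after it.
    echo "$before_new $before_old $after_new $after_old"
}

rotate_demo
```

Until the reopen, every record lands in the rotated file, so compressing or deleting that file in the same logrotate run affects data the writer is still producing.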