[Oisf-users] Log Rotation
Charles Devoe
Charles.Devoe at cisecurity.org
Tue Nov 27 15:07:20 UTC 2018
I am trying to get log rotation working. I have put this in my suricata.yaml file to attempt log rotation every 1 minute. I am using Suricata 4.0.4.
As a side note, I'm not sure where I came up with this.
  - eve-log:
      enabled: yes
      filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
      filename: biflow.json
      rotate-interval: 1m
      types:
        # bi-directional flows
        - flow
        # uni-directional flows
        #- netflow
        # Vars log flowbits and other packet and flow vars
        #- vars
        #
The documentation says:
"The following is an example logrotate configuration file that will rotate Suricata log files then send Suricata a SIGHUP triggering Suricata to open new files:"
/var/log/suricata/*.log /var/log/suricata/*.json
{
    rotate 3
    missingok
    nocompress
    create
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/suricata.pid 2>/dev/null` 2>/dev/null || true
    endscript
}
I am, however, unclear as to where this goes or how it is used.
Could I get just a little more guidance, please?
Thanks in Advance
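Added illustration (example code, not from this post, from the Suricata project or from the logrotate manual). The quoted stanza is a logrotate drop-in: it is saved as its own file under /etc/logrotate.d/ (for instance /etc/logrotate.d/suricata, a name assumed here) and is picked up whenever the system's scheduled logrotate run fires; it is independent of Suricata's built-in eve-log rotate-interval setting, which rotates inside Suricata with no logrotate involved. The part people miss is why the postrotate SIGHUP is there: logrotate renames the open file and, with `create`, makes a new empty one, but a process keeps writing to the renamed inode until it reopens the path. The simulation below reproduces that sequence in a temporary directory with a constructed eve.json writer that reopens on SIGHUP, the way Suricata does; it rotates, optionally delivers SIGHUP to itself, writes again, and reports where the second line landed. HupReopeningWriter, rotate, read_lines and demo are the example's own names.

```python
# Added example (not from the post or from Suricata): simulate logrotate's
# rename + create and show that the writer's next line only reaches the new
# file once the writer reopens its path, which here happens on SIGHUP.
import os
import signal
import tempfile


class HupReopeningWriter:
    """A log writer that reopens its output path when it receives SIGHUP."""

    def __init__(self, path):
        self.path = path
        self.fh = open(path, "a")
        # Python runs signal handlers in the main thread only; the demo runs there.
        signal.signal(signal.SIGHUP, self._on_hup)

    def _on_hup(self, signum, frame):
        self.reopen()

    def reopen(self):
        # Close the now-renamed inode and open the path again, which after
        # rotation is the freshly created empty file.
        self.fh.close()
        self.fh = open(self.path, "a")

    def write(self, line):
        self.fh.write(line + "\n")
        self.fh.flush()

    def close(self):
        self.fh.close()
        signal.signal(signal.SIGHUP, signal.SIG_DFL)


def rotate(path, keep=3):
    """Emulate 'rotate 3' with 'create': shift path.N upward, move path to
    path.1, then recreate an empty file at the original name."""
    for i in range(keep - 1, 0, -1):
        src = f"{path}.{i}"
        if os.path.exists(src):
            os.replace(src, f"{path}.{i + 1}")
    os.replace(path, f"{path}.1")
    open(path, "a").close()  # the 'create' directive


def read_lines(path):
    with open(path) as fh:
        return [line.rstrip("\n") for line in fh]


def demo(send_hup):
    """Write one event, rotate, optionally SIGHUP ourselves, write another.

    Returns (lines now in the live file, lines in the rotated .1 file).
    """
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "eve.json")  # constructed path for the demo
    writer = HupReopeningWriter(path)
    writer.write('{"event_type":"flow","flow_id":1}')  # constructed sample event
    rotate(path)
    if send_hup:
        os.kill(os.getpid(), signal.SIGHUP)  # what the postrotate script does
    writer.write('{"event_type":"flow","flow_id":2}')
    writer.close()
    return read_lines(path), read_lines(path + ".1")


if __name__ == "__main__":
    live, rotated = demo(send_hup=True)
    print("with SIGHUP:    live =", live, " rotated =", rotated)
    live, rotated = demo(send_hup=False)
    print("without SIGHUP: live =", live, " rotated =", rotated)
```

Run it and the two cases differ exactly as the documentation implies: with the SIGHUP, the second event is in the live eve.json and the first is in eve.json.1; without it, the live file stays empty and both events sit in eve.json.1, because the writer never let go of the renamed inode. That is also the symptom to look for when a real deployment is "rotating" but the current file never grows.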