[Oisf-users] Log Rotation

Charles Devoe Charles.Devoe at cisecurity.org
Tue Nov 27 15:07:20 UTC 2018

I am trying to get log rotation working.  I have put this in my suricata.yaml file to attempt log rotation every 1 minute.  Using Suricata 4.0.4

as a side note, I'm not sure where I came up with this.

  - eve-log:
      enabled: yes
      filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
      filename: biflow.json
      rotate-interval: 1m
        # bi-directional flows
        - flow
        # uni-directional flows
        #- netflow
        # Vars log flowbits and other packet and flow vars
        #- vars

The documentation says

The following is an example logrotate configuration file that will rotate Suricata log files then send Suricata a SIGHUP triggering Suricata to open new files:

/var/log/suricata/*.log /var/log/suricata/*.json
    rotate 3
            /bin/kill -HUP `cat /var/run/suricata.pid 2>/dev/null` 2>/dev/null || true

I am however, unclear as to where this goes or how it is used.

Could I get just a little more guidance please????????

Thanks in Advance
This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.

. . . . .
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20181127/0baf19f4/attachment.html>

More information about the Oisf-users mailing list