[Oisf-users] Log Rotation

Davide Setti d.setti at certego.net
Tue Nov 27 15:59:41 UTC 2018


That line states that you should use the "logrotate" program to handle log
rotation

see https://linux.die.net/man/8/logrotate

Regards,
Davide

On Tue 27 Nov 2018 at 16:07 Charles Devoe <
Charles.Devoe at cisecurity.org> wrote:

> I am trying to get log rotation working.  I have put this in my
> suricata.yaml file to attempt log rotation every 1 minute.  Using Suricata
> 4.0.4
>
> as a side note, I’m not sure where I came up with this.
>
>   - eve-log:
>       enabled: yes
>       filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
>       filename: biflow.json
>       rotate-interval: 1m
>       types:
>         # bi-directional flows
>         - flow
>         # uni-directional flows
>         #- netflow
>         # Vars log flowbits and other packet and flow vars
>         #- vars
>         #
>
>
> The documentation says
>
> The following is an example *logrotate* configuration file that will rotate Suricata log files then send Suricata a SIGHUP triggering Suricata to open new files:
>
> /var/log/suricata/*.log /var/log/suricata/*.json
> {
>     rotate 3
>     missingok
>     nocompress
>     create
>     sharedscripts
>     postrotate
>             /bin/kill -HUP `cat /var/run/suricata.pid 2>/dev/null` 2>/dev/null || true
>     endscript
> }
>
>
> I am however, unclear as to where this goes or how it is used.
>
> Could I get just a little more guidance please????????
>
> Thanks in Advance
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/



-- 
<http://www.certego.net/>
Davide Setti
R&D and Incident Response Team, Certego
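The question in the quoted mail is where the logrotate stanza goes and how it is used. On most distributions it is saved as a file under /etc/logrotate.d/ (for example /etc/logrotate.d/suricata), which /etc/logrotate.conf includes, and logrotate is then run by the daily cron job or systemd timer; `logrotate -d /etc/logrotate.d/suricata` dry-runs a stanza and prints what it would do. The script below is an added example, not code from the thread or from the Suricata project. It writes the stanza from the thread into a scratch directory (the paths under $WORKDIR are assumptions standing in for /var/log/suricata, /var/run/suricata.pid and /etc/logrotate.d/suricata) and uses a small background shell process as a stand-in for Suricata to show why the postrotate SIGHUP is there: a daemon keeps writing through its already-open descriptor after the file has been renamed, so without the HUP the freshly created eve.json would stay empty.

```shell
#!/bin/sh
# Added example (not from the thread or the Suricata project): a scratch
# directory stands in for /var/log/suricata, a background shell process stands
# in for Suricata.  Shows where the logrotate stanza goes and what the
# postrotate SIGHUP achieves.  All paths under $WORKDIR are assumptions.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"
LOGDIR="$WORKDIR/suricata"          # stands in for /var/log/suricata
PIDFILE="$WORKDIR/suricata.pid"     # stands in for /var/run/suricata.pid
CONF="$WORKDIR/suricata.logrotate"  # stands in for /etc/logrotate.d/suricata

# Write the stanza from the thread, with its paths pointed at the scratch dir.
# The backticks are escaped so they land in the file instead of running now.
write_logrotate_conf() {
    mkdir -p "$LOGDIR"
    cat > "$CONF" <<EOF
$LOGDIR/*.log $LOGDIR/*.json
{
    rotate 3
    missingok
    nocompress
    create
    sharedscripts
    postrotate
        /bin/kill -HUP \`cat $PIDFILE 2>/dev/null\` 2>/dev/null || true
    endscript
}
EOF
    printf '%s\n' "$CONF"
}

# Stand-in for the daemon: like Suricata it opens eve.json once, keeps writing
# through that descriptor, and reopens the file only when it receives SIGHUP.
start_fake_daemon() {
    (
        exec 3>>"$LOGDIR/eve.json"
        trap 'exec 3>>"$LOGDIR/eve.json"' HUP
        n=0
        while :; do
            n=$((n + 1))
            printf '{"event": %d}\n' "$n" >&3
            sleep 0.2
        done
    ) >/dev/null 2>&1 &
    echo "$!" > "$PIDFILE"
}

# What logrotate does for this stanza: rename the file, "create" a fresh one,
# then run the postrotate script.  The shell builtin kill is used here so the
# example does not depend on /bin/kill being present.
rotate_once() {
    mv "$LOGDIR/eve.json" "$LOGDIR/eve.json.1"
    : > "$LOGDIR/eve.json"
    kill -HUP "$(cat "$PIDFILE")"
}

# Run one full cycle and print how many events reached the NEW eve.json.
# Without the HUP the daemon would keep writing into eve.json.1 through its
# stale descriptor and this count would be zero.
run_demo() {
    write_logrotate_conf >/dev/null
    start_fake_daemon
    sleep 1
    rotate_once
    sleep 1
    kill "$(cat "$PIDFILE")" 2>/dev/null || true
    wc -l < "$LOGDIR/eve.json" | tr -d ' '
}

if [ "${1:-}" = "run" ]; then
    run_demo
fi
```

Run it as `sh logrotate-demo.sh run`; it prints the number of events written after rotation into the new eve.json, while eve.json.1 holds the events from before. The same sequence (rename, create, HUP via the PID file) is what the real stanza performs against /var/log/suricata once it is installed under /etc/logrotate.d/.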