Log Rotation
============

Starting with Suricata version 2.0.2 (#1200), log rotation is made a
lot easier. A HUP signal sent to Suricata will force it to reopen the
log files.

Example logrotate file:

::

  /var/log/suricata/*.log /var/log/suricata/*.json
  {
      rotate 3
      missingok
      nocompress
      create
      sharedscripts
      postrotate
              /bin/kill -HUP $(cat /var/run/suricata.pid)
      endscript
  }

newsyslog based log rotation (e.g. on OpenBSD) /etc/newsyslog.conf:

::

  /var/log/suricata/eve.json root:wheel 640 1 * 24 B /var/run/suricata.pid SIGHUP

The above rotates every 24h; the 'B' prevents a rotation log message
from being written to eve.json. The field separator is a TAB.
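
Why the HUP in ``postrotate`` matters, shown as an added example that is not part of the Suricata documentation or code: a writer that keeps its file handle open follows the renamed file, so without a reopen new events land in the rotated file and the fresh one stays empty. ``ReopenableLog`` and ``simulate_rotation`` are hypothetical names, and the ``eve.json`` used here is a constructed file in a temporary directory.

```python
import os
import signal
import tempfile


class ReopenableLog:
    """Append-only log writer that reopens its path after SIGHUP (hypothetical helper)."""

    def __init__(self, path):
        self.path = path
        self.reopen_requested = False
        self.fh = open(path, "a")

    def on_hup(self, signum, frame):
        # Keep the handler minimal: only record that a reopen is needed.
        self.reopen_requested = True

    def write(self, line):
        if self.reopen_requested:
            self.fh.close()
            self.fh = open(self.path, "a")  # binds to whatever file is at path now
            self.reopen_requested = False
        self.fh.write(line + "\n")
        self.fh.flush()


def simulate_rotation(send_hup):
    """Rotate a constructed eve.json; return (rotated_lines, current_lines)."""
    with tempfile.TemporaryDirectory() as d:
        live = os.path.join(d, "eve.json")
        rotated = live + ".1"
        log = ReopenableLog(live)
        previous = signal.signal(signal.SIGHUP, log.on_hup)
        try:
            log.write('{"event": "before-rotation"}')
            os.rename(live, rotated)   # the rename logrotate performs
            open(live, "a").close()    # effect of the `create` directive
            if send_hup:
                os.kill(os.getpid(), signal.SIGHUP)  # the postrotate step
            log.write('{"event": "after-rotation"}')
        finally:
            signal.signal(signal.SIGHUP, previous or signal.SIG_DFL)
            log.fh.close()
        with open(rotated) as r, open(live) as c:
            return r.read().splitlines(), c.read().splitlines()


if __name__ == "__main__":
    print("without HUP:", simulate_rotation(send_hup=False))
    print("with HUP:   ", simulate_rotation(send_hup=True))
```

An empty current log file after a rotation, while the rotated file keeps growing, is the symptom to check for when the signal did not reach the process.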