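# Create (or edit) the logrotate policy for Suricata. Run as root.
# The two commands were collapsed onto one line, which made `cd` receive
# three arguments and fail; they are separate steps.
#
# Keep the resulting file owned by root and not writable by group/others:
# its postrotate script is executed as root, and logrotate ignores config
# files with unsafe permissions.
cd /etc/logrotate.d/
vi /etc/logrotate.d/suricata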
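# /etc/logrotate.d/suricata
# logrotate policy for Suricata output. Each directive must be on its own
# line; with everything collapsed onto a single line logrotate cannot parse
# the stanzas.

# JSON output: rotated every hour, one rotated generation kept.
/var/log/suricata/*.json {
    # "hourly" only takes effect when logrotate itself is run every hour;
    # the usual daily job is not enough.
    hourly
    # Only one rotated file is retained, so roughly the current and the
    # previous hour are all that stays on disk. If these events are needed
    # for investigation, make sure they are shipped elsewhere or keep more
    # generations.
    rotate 1
    missingok
    compress
    # NOTE(review): with delaycompress and "rotate 1" the single retained
    # file is probably removed before it is ever compressed -- verify.
    delaycompress
    # No mode/owner/group given: the new file takes the attributes of the
    # file it replaces.
    create
    # Run postrotate once for the whole pattern, not once per matched file.
    sharedscripts
    postrotate
        # HUP tells Suricata to reopen its log files. All errors are
        # discarded (2>/dev/null, || true), so a missing or stale PID file
        # fails silently and Suricata keeps writing to the rotated file
        # while the new one stays empty. The path must match the PID file
        # Suricata was actually started with.
        /bin/kill -HUP `cat /var/run/suricata.pid 2>/dev/null` 2>/dev/null || true
    endscript
}

# Plain-text logs: rotated daily, three rotated generations kept.
/var/log/suricata/*.log {
    daily
    rotate 3
    missingok
    compress
    delaycompress
    # No mode/owner/group given: the new file takes the attributes of the
    # file it replaces.
    create
    sharedscripts
    postrotate
        # Same reopen signal as above; failures are silent here too.
        /bin/kill -HUP `cat /var/run/suricata.pid 2>/dev/null` 2>/dev/null || true
        # Alternative when no PID file is available (left disabled):
        #/bin/kill -HUP `pgrep suricata`
    endscript
}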
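# The "hourly" directive is only honoured if logrotate runs every hour, so
# copy the daily cron job into cron.hourly. Run as root.
#   -p  preserve mode, ownership and timestamps (the job stays executable)
#   -i  prompt before overwriting an existing cron.hourly/logrotate
# `&&` keeps the relative-path copy from running in the wrong directory if
# the cd fails.
# NOTE(review): on hosts where logrotate is started by a systemd timer
# rather than cron, the timer schedule needs the equivalent change --
# confirm which mechanism this host uses.
cd /etc/ && cp -pi cron.daily/logrotate cron.hourly/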
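Note: if that PID file does not exist for some reason, use the following line in postrotate instead. Without a successful HUP, Suricata keeps writing to the already-rotated file.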
# Fallback when no PID file exists. pgrep matches its pattern against process
# names, so this can signal more than one process; `pgrep -x suricata`
# restricts the match to the exact name.
#/bin/kill -HUP `pgrep suricata`
Reference: https://docs.suricata.io/en/latest/output/log-rotation.html (sample logrotate configuration from the Suricata documentation)