logrotate // suricata logs

    cd /etc/logrotate.d/
vi suricata

# no delaycompress
/var/log/suricata/*.json {
    hourly
    rotate 1
    missingok
    compress
    create
    sharedscripts
    postrotate
            /bin/kill -HUP `cat /var/run/suricata.pid 2>/dev/null`
    endscript
}

/var/log/suricata/*.log {
    daily
    rotate 3
    missingok
    compress
    delaycompress
    create
    sharedscripts
    postrotate
            /bin/kill -HUP `cat /var/run/suricata.pid 2>/dev/null`
    endscript
}

additional notes

in case you don’t have that PID file for some reason

        #/bin/kill -HUP `pgrep suricata`

resources

https://docs.suricata.io/en/latest/output/log-rotation.html –> suricata sample