logrotate // suricata logs

    cd /etc/logrotate.d/
    vi /etc/logrotate.d/suricata
/var/log/suricata/*.json {
    hourly
    rotate 1
    missingok
    compress
    delaycompress
    create
    sharedscripts
    postrotate
            /bin/kill -HUP `cat /var/run/suricata.pid 2>/dev/null` 2>/dev/null || true
    endscript
}

/var/log/suricata/*.log {
    daily
    rotate 3
    missingok
    compress
    delaycompress
    create
    sharedscripts
    postrotate
            /bin/kill -HUP `cat /var/run/suricata.pid 2>/dev/null` 2>/dev/null || true
            #/bin/kill -HUP `pgrep suricata`
    endscript
}
    cd /etc/
    cp -pi cron.daily/logrotate cron.hourly/

note: in case you don’t have that PID file for some reason, use the pgrep variant in postrotate instead

        #/bin/kill -HUP `pgrep suricata`
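
as an added check (example code, not from these notes nor from Suricata or logrotate): a small Python linter for the stanza format above; it flags a stanza whose postrotate sends no HUP (Suricata would keep writing to the renamed file), notes when the HUP depends only on the PID file, and reminds that `hourly` needs the cron.hourly copy made above. the sample config inside it is constructed from the two stanzas on this page.

```python
# Added example, not from the original notes. SAMPLE_CONFIG is constructed: the
# page's eve.json stanza plus a .log stanza that forgot postrotate altogether.
import re
SAMPLE_CONFIG = """
/var/log/suricata/*.json {
    hourly
    rotate 1
    postrotate
            /bin/kill -HUP `cat /var/run/suricata.pid 2>/dev/null` 2>/dev/null || true
    endscript
}

/var/log/suricata/*.log {
    daily
    rotate 3
}
"""
# One stanza: glob pattern(s), '{', body lines, then '}' at the start of a line.
STANZA_RE = re.compile(r"^([^{}\n]+)\{\n(.*?)^\}", re.S | re.M)

def parse_stanzas(text):
    """Return [(patterns, directives, postrotate_lines)] for each { } block."""
    stanzas = []
    for m in STANZA_RE.finditer(text):
        directives, script, in_script = [], [], False
        for line in m.group(2).splitlines():
            line = line.strip()
            if not line or line.startswith("#"):
                continue  # blanks and commented-out alternatives
            if line in ("postrotate", "endscript"):
                in_script = line == "postrotate"
            elif in_script:
                script.append(line)
            else:
                directives.append(line.split()[0])
        stanzas.append((m.group(1).split(), directives, script))
    return stanzas

def lint(text):
    """Return [(level, message)]; 'warn' = Suricata keeps writing to the renamed file."""
    findings = []
    for patterns, directives, script in parse_stanzas(text):
        name, cmd = " ".join(patterns), " ".join(script)
        if "HUP" not in cmd:
            # renamed without SIGHUP: Suricata keeps its fd on the old inode
            findings.append(("warn", f"{name}: no HUP in postrotate"))
        elif "suricata.pid" in cmd and "pgrep" not in cmd:
            findings.append(("info", f"{name}: HUP relies on the PID file only"))
        if "hourly" in directives:
            findings.append(("info", f"{name}: hourly needs logrotate in cron.hourly"))
    return findings
```

run `lint(open("/etc/logrotate.d/suricata").read())` against the real file; an empty list means every stanza signals Suricata after rotation.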

resources

https://docs.suricata.io/en/latest/output/log-rotation.html -> suricata sample

Copyright © 2024 Pierre-Philipp Braun