Limiting Suricata logs
-
I have enabled DNS logging in Suricata, but I noticed that the logs keep growing every day. I would like to be able to limit the logs and maybe perform some sort of rotation to ensure the logs don't grow too much over time. I read something about log rotation and Suricata, but I'm not sure if there is a mechanism embedded in the application. I have performed a full pfSense install and am using an SSD, so the logs are stored on SSD, not in RAM.
Martin
-
Uhm… there's a HUGE slew of settings in the Suricata GUI itself, in the Logs Mgmt tab!
-
When I click on the Log Mgmt tab, I get a "404 - Not Found" message on an empty page.
I also get this error when I click on some of the other tabs (Blocks, Pass Lists, Logs View, SID Mgmt, IP Lists).
I am using Suricata 2.1.5 and pfSense 2.2.3-RELEASE-pfSense (amd64).
Martin
-
Sucks to be you. Upgrade your pfSense to get maintained package versions. Also, the package you have is obviously not correctly installed; at least reinstall it.
-
I did reinstall the package, which upgraded it to version 2.1.6 and things are working fine now.
Martin