Suricata suricata.log not rotated
-
Hello,
I set up suricata log rotation with a 10MB directory size limit, however the suricata.log file keeps growing. As soon as it goes over 10MB, all of my other suricata log files get rotated every 5 minutes. I realized this by spotting this log message in system logs and checking the log directory.
What should I do to get suricata.log rotated automatically?
Suricata version: 4.0.13_9
Nov 11 21:05:00 php-cgi suricata_check_cron_misc.inc: [Suricata] Log directory size exceeds configured limit of 10 MB set on Global Settings tab. Starting cleanup of suricata logs.
[2.4.4-RELEASE][admin@pfSense.home.local]/root: ls -lha /var/log/suricata/suricata_em011138/
total 50792
drw-rw---- 2 root wheel 512B Oct 31 09:42 .
drwxr-xr-x 3 root wheel 512B Oct 31 09:41 ..
-rw-r----- 1 root wheel 0B Nov 11 21:05 alerts.log
-rw-r--r-- 1 root wheel 0B Nov 11 21:05 sid_changes.log
-rw-r--r-- 1 root wheel 50M Nov 11 00:31 suricata.log
Thank you.
-
This is fixed in the next update that should be posted very soon. The fix will simply truncate that log file upon each startup of Suricata as that file only contains startup information pertinent to the current run of Suricata. No alert information is logged to that file.