Limiting suricata logs



  • I have enabled DNS logging in Suricata, but I noticed that the logs keep growing every day. I would like to be able to limit the logs and maybe perform some sort of rotation to ensure the logs don't grow too much over time. I read something about log rotation and Suricata, but I am not sure if there is a mechanism embedded in the application. I have performed a full pfSense install and am using an SSD, so the logs are stored on the SSD, not in RAM.

    Martin


  • Banned

    Uhm… there's a HUGE slew of settings in the Suricata GUI itself, in the Logs Mgmt tab!



  • When I click on the Log Mgmt tab, I get a "404 - Not Found" message on an empty page.

    I also get this error when I click on some of the other tabs (Blocks, Pass Lists, Logs View, SID Mgmt, IP Lists).

    I am using Suricata 2.1.5 and pfSense 2.2.3-RELEASE-pfSense (amd64).

    Martin


  • Banned

    Sucks to be you. Upgrade your pfSense to get maintained package versions. Also, the package you have is obviously not correctly installed, at least reinstall it.



  • I did reinstall the package, which upgraded it to version 2.1.6 and things are working fine now.

    Martin