Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Logrotate and doc updates for threaded Eve logging - v1 #5436

Closed
wants to merge 3 commits into from
Closed

Logrotate and doc updates for threaded Eve logging - v1 #5436

wants to merge 3 commits into from

Conversation

jasonish
Copy link
Member

  • Update logrotate template.
  • Update logrotation documentation to mention threaded Eve logging

@jasonish
logrotate: reindent to 4 spaces
549cac1 
4 spaces seems to be the norm on Linux, so reindent from a mix
of 8 spaces and tabs to 4 spaces.
@jasonish
etc/logrotate: update sample file to handle threaded eve
3d306ea 
Move old log files to an "olddir". This will make it easier for
other tools consuming Eve files to operate, and not pick up rotated
log files.

Add threaded Eve log files to the filename match for rotation in a
that should not match existing rotated files such as "eve.json.1.1".
This is not strictly required when using olddir, but may prevent
issues when users only use a portion of our provided file as a
template.
@jasonish
doc/userguide: add note about threaded eve logging
0aca298 
Suggest the use of logrotate's "olddir" option if using threaded
Eve log.
@jasonish jasonish requested review from norg and a team as code owners September 23, 2020 18:10
@jlucovsky
Copy link
Contributor

See #5444 which adjusts the filename from eve.json.N to eve.N.json

jlucovsky
jlucovsky reviewed Sep 25, 2020
View reviewed changes
etc/suricata.logrotate.in
endscript

# If using threaded Eve output, it is best to move old logs to
# their own directory. But it also works fine when not usint
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: s/usint/using/

@victorjulien
Copy link
Member

I think this needs an update after the merge of #5461

@jasonish jasonish mentioned this pull request Oct 6, 2020
Closed
@jasonish
Copy link
Member Author

jasonish commented Oct 6, 2020

Updated here: #5475

@jasonish jasonish closed this Oct 6, 2020
@jasonish jasonish deleted the threaded-eve-logrotate/v1 branch August 15, 2024 16:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jlucovsky jlucovsky jlucovsky left review comments

@norg norg Awaiting requested review from norg

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jasonish @jlucovsky @victorjulien