From 0b19179630b0b6edea08b9710c1da7dd925de525 Mon Sep 17 00:00:00 2001
From: Wes <wlambertts@gmail.com>
Date: Wed, 19 Jul 2023 15:17:42 +0000
Subject: [PATCH] Add logrotate

---
 salt/logrotate/defaults.yaml      | 12 +++++++++++-
 salt/logrotate/soc_logrotate.yaml | 11 +++++++++--
 2 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/salt/logrotate/defaults.yaml b/salt/logrotate/defaults.yaml
index 68095fcbd..311a344b3 100644
--- a/salt/logrotate/defaults.yaml
+++ b/salt/logrotate/defaults.yaml
@@ -90,7 +90,7 @@ logrotate:
       - extension .log
       - dateext
       - dateyesterday
-    /opt/so/log/fleet/*_x_log:
+    /opt/so/log/elasticfleet/*_x_log:
       - daily
       - rotate 14
       - missingok
@@ -100,6 +100,16 @@ logrotate:
       - extension .log
       - dateext
       - dateyesterday
+    /opt/so/log/elasticfleet/*_x_ndjson:
+      - daily
+      - rotate 14
+      - missingok
+      - copytruncate
+      - compress
+      - create
+      - extension .ndjson
+      - dateext
+      - dateyesterday
     /opt/so/log/suricata/*_x_log:
       - daily
       - rotate 14
diff --git a/salt/logrotate/soc_logrotate.yaml b/salt/logrotate/soc_logrotate.yaml
index 5b9fd720f..55ab93c55 100644
--- a/salt/logrotate/soc_logrotate.yaml
+++ b/salt/logrotate/soc_logrotate.yaml
@@ -63,9 +63,16 @@ logrotate:
       multiline: True
       global: True
       forcedType: "[]string"
-    "/opt/so/log/fleet/*_x_log":
+    "/opt/so/log/elasticfleet/*_x_log":
       description: List of logrotate options for this file.
-      title: /opt/so/log/fleet/*.log
+      title: /opt/so/log/elastic-fleet/*.log
+      advanced: True
+      multiline: True
+      global: True
+      forcedType: "[]string"
+    "/opt/so/log/elasticfleet/*_x_ndjson":
+      description: List of logrotate options for this file.
+      title: /opt/so/log/elastic-fleet/*.ndjson
       advanced: True
       multiline: True
       global: True