From e6ae1af85f6905d900590775e84afd9dfab5ede7 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Wed, 17 Feb 2021 10:47:06 -0500
Subject: [PATCH 1/3] test rotating strelka log at 100k
---
 salt/common/files/sensor-rotate.conf | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/salt/common/files/sensor-rotate.conf b/salt/common/files/sensor-rotate.conf
index a7e4cb303..0529939d9 100644
--- a/salt/common/files/sensor-rotate.conf
+++ b/salt/common/files/sensor-rotate.conf
@@ -8,3 +8,17 @@
 sharedscripts
 endscript
 }
+
+/nsm/strelka/log/strelka.log
+{
+ #daily
+ size 100k
+ rotate 14
+ missingok
+ copytruncate
+ compress
+ create
+ extension .log
+ dateext
+ dateyesterday
+}
\ No newline at end of file
From 2b07d89b5abdc794099160fcc682b2b6ba09fa6d Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Wed, 17 Feb 2021 11:01:18 -0500
Subject: [PATCH 2/3] error: /opt/so/conf/sensor-rotate.conf:8 unknown option 'endscript' -- ignoring line
---
 salt/common/files/sensor-rotate.conf | 1 -
 1 file changed, 1 deletion(-)
diff --git a/salt/common/files/sensor-rotate.conf b/salt/common/files/sensor-rotate.conf
index 0529939d9..ba23ce16f 100644
--- a/salt/common/files/sensor-rotate.conf
+++ b/salt/common/files/sensor-rotate.conf
@@ -6,7 +6,6 @@
 nocompress
 create
 sharedscripts
- endscript
 }
 
 /nsm/strelka/log/strelka.log
From 7a595df5b6193912f90e3f364c6fc20ef3458fe0 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Wed, 17 Feb 2021 11:17:41 -0500
Subject: [PATCH 3/3] strelka logrotate - https://github.com/Security-Onion-Solutions/securityonion/issues/2736
---
 salt/common/files/sensor-rotate.conf | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/salt/common/files/sensor-rotate.conf b/salt/common/files/sensor-rotate.conf
index ba23ce16f..cefd3944e 100644
--- a/salt/common/files/sensor-rotate.conf
+++ b/salt/common/files/sensor-rotate.conf
@@ -10,8 +10,7 @@
 
 /nsm/strelka/log/strelka.log
 {
- #daily
- size 100k
+ daily
 rotate 14
 missingok
 copytruncate
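Review bot: In the new /nsm/strelka/log/strelka.log stanza, `create` sits next to `copytruncate`, and logrotate documents that `create` has no effect when `copytruncate` is in use, so the line suggests a freshly created log file that never happens. Dropping `create`, or adding a comment such as `# copytruncate: writer keeps the file open; lines written between copy and truncate can be lost`, would make the trade-off visible. That gap matters if strelka.log is consumed downstream for detection, which this hunk does not show. The stanza's closing `}` also leaves the file without a trailing newline.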
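Review bot: With `daily` as the only trigger in the strelka.log stanza (patch 3/3), nothing bounds how large the log can grow between runs, so a burst of scanned files could consume space under /nsm before the next rotation. If that is a realistic load for these sensors, `maxsize` alongside `daily` would cap it. With `dateext`, though, a second rotation on the same day would need a finer-grained `dateformat` to avoid colliding with the existing dated file. The stanza continues past the end of this hunk, so the remaining options are not visible here.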