ADding Suricata log compression

2025-12-09 10:42:54 +01:00 · 2020-06-25 12:56:26 -04:00
parent a45fbb6f5c
commit 30ac5f9764
2 changed files with 21 additions and 0 deletions
--- a/salt/suricata/cron/surilogcompress
+++ b/salt/suricata/cron/surilogcompress
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# Gzip the eve logs
+find /nsm/suricata/eve*.json -type f -printf '%T@\t%p\n' | sort -t $'\t' -g |  head -n -1 |  cut -d $'\t' -f 2- | xargs nice gzip
+
+# TODO Add stats log
--- a/salt/suricata/init.sls
+++ b/salt/suricata/init.sls
@@ -68,6 +68,21 @@ surirulesync:
    - user: 940
    - group: 940

+surilogscript:
+  file.managed:
+    - name: /usr/local/bin/surilogcompress
+    - source: salt://suricata/cron/surilogcompress
+    - mode: 755
+
+/usr/local/bin/surilogcompress:
+  cron.present:
+    - user: suricata
+    - minute: '17'
+    - hour: '*'
+    - daymonth: '*'
+    - month: '*'
+    - dayweek: '*'
+
 suriconfigsync:
  file.managed:
    - name: /opt/so/conf/suricata/suricata.yaml