diff --git a/salt/common/files/log-rotate.conf b/salt/common/files/log-rotate.conf index 1d04c4bb3..a312f7870 100644 --- a/salt/common/files/log-rotate.conf +++ b/salt/common/files/log-rotate.conf @@ -2,7 +2,6 @@ {%- set group_conf = salt['pillar.get']('logrotate:group_conf') %} -/opt/so/log/aptcacher-ng/*.log /opt/so/log/idstools/*.log /opt/so/log/nginx/*.log /opt/so/log/soc/*.log @@ -22,7 +21,6 @@ /opt/so/log/salt/so-salt-minion-check /opt/so/log/salt/minion /opt/so/log/salt/master -/opt/so/log/logscan/*.log /nsm/idh/*.log { {{ logrotate_conf | indent(width=4) }} diff --git a/salt/logrotate/defaults.yaml b/salt/logrotate/defaults.yaml new file mode 100644 index 000000000..6d0fa7dc7 --- /dev/null +++ b/salt/logrotate/defaults.yaml 
@@ -0,0 +1,233 @@ +logrotate: + common: + config: + /opt/so/log/idstools/*.log: + - daily + - rotate 14 + - missingok + - copytruncate + - compress + - create + - extension .log + - dateext + - dateyesterday + /opt/so/log/nginx/*.log: + - daily + - rotate 14 + - missingok + - copytruncate + - compress + - create + - extension .log + - dateext + - dateyesterday + /opt/so/log/soc/*.log: + - daily + - rotate 14 + - missingok + - copytruncate + - compress + - create + - extension .log + - dateext + - dateyesterday + /opt/so/log/kratos/*.log: + - daily + - rotate 14 + - missingok + - copytruncate + - compress + - create + - extension .log + - dateext + - dateyesterday + /opt/so/log/kibana/*.log: + - daily + - rotate 14 + - missingok + - copytruncate + - compress + - create + - extension .log + - dateext + - dateyesterday + /opt/so/log/influxdb/*.log: + - daily + - rotate 14 + - missingok + - copytruncate + - compress + - create + - extension .log + - dateext + - dateyesterday + /opt/so/log/elastalert/*.log: + - daily + - rotate 14 + - missingok + - copytruncate + - compress + - create + - extension .log + - dateext + - dateyesterday + /opt/so/log/soctopus/*.log: + - daily + - rotate 14 + - missingok + - copytruncate + - compress + - create + - extension .log + - dateext + - dateyesterday + /opt/so/log/curator/*.log: + - daily + - rotate 14 + - missingok + - copytruncate + - compress + - create + - extension .log + - dateext + - dateyesterday + /opt/so/log/fleet/*.log: + - daily + - rotate 14 + - missingok + - copytruncate + - compress + - create + - extension .log + - dateext + - dateyesterday + /opt/so/log/suricata/*.log: + - daily + - rotate 14 + - missingok + - copytruncate + - compress + - create + - extension .log + - dateext + - dateyesterday + /opt/so/log/mysql/*.log: + - daily + - rotate 14 + - missingok + - copytruncate + - compress + - create + - extension .log + - dateext + - dateyesterday + /opt/so/log/telegraf/*.log: + - daily + - rotate 14 + - missingok + 
- copytruncate + - compress + - create + - extension .log + - dateext + - dateyesterday + /opt/so/log/redis/*.log: + - daily + - rotate 14 + - missingok + - copytruncate + - compress + - create + - extension .log + - dateext + - dateyesterday + /opt/so/log/sensoroni/*.log: + - daily + - rotate 14 + - missingok + - copytruncate + - compress + - create + - extension .log + - dateext + - dateyesterday + /opt/so/log/stenographer/*.log: + - daily + - rotate 14 + - missingok + - copytruncate + - compress + - create + - extension .log + - dateext + - dateyesterday + /opt/so/log/salt/so-salt-minion-check: + - daily + - rotate 14 + - missingok + - copytruncate + - compress + - create + - extension .log + - dateext + - dateyesterday + /opt/so/log/salt/minion: + - daily + - rotate 14 + - missingok + - copytruncate + - compress + - create + - extension .log + - dateext + - dateyesterday + /opt/so/log/salt/master: + - daily + - rotate 14 + - missingok + - copytruncate + - compress + - create + - extension .log + - dateext + - dateyesterday + /nsm/idh/*.log: + - daily + - rotate 14 + - missingok + - copytruncate + - compress + - create + - extension .log + - dateext + - dateyesterday + /opt/so/log/playbook/*.log: + - daily + - rotate 14 + - missingok + - copytruncate + - compress + - create + - extension .log + - dateext + - dateyesterday + - su root socore + /nsm/strelka/log/strelka.log: + - daily + - rotate 14 + - missingok + - copytruncate + - compress + - create + - extension .log + - dateext + - dateyesterday + /opt/so/log/sensor_clean.log: + - daily + - rotate 2 + - missingok + - nocompress + - create + - sharedscripts + + sensor: diff --git a/salt/logrotate/etc/rotate.config.jinja b/salt/logrotate/etc/rotate.config.jinja new file mode 100644 index 000000000..e69de29bb diff --git a/salt/logrotate/map.jinja b/salt/logrotate/map.jinja new file mode 100644 index 000000000..24fcbd78f --- /dev/null +++ b/salt/logrotate/map.jinja 
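Review bot: Every stanza that sets `copytruncate` also lists `create`, which logrotate ignores while `copytruncate` is in effect, so rotation never resets the mode or owner of the live log; drop `create` from those lists or add a comment saying it is inert. For the Suricata, Kratos, SOC and salt logs, `copytruncate` can also lose lines written between the copy and the truncate, so if these files feed detection or audit trails that gap should be documented as an accepted trade-off. Only `/opt/so/log/playbook/*.log` carries `su root socore`; logrotate refuses to rotate in a directory writable by a non-root user or group unless `su` is set, so other paths may need it too, though directory ownership is not visible in this hunk. The trailing `sensor:` has no value and loads as null, so `sensor: {}` (or a `config: {}` child) would be safer for whatever template iterates it.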
@@ -0,0 +1,7 @@
+{# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+ or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+ https://securityonion.net/license; you may not use this file except in compliance with the
+ Elastic License 2.0. #}
+
+{% import_yaml 'logrotate/defaults.yaml' as LOGROTATEDEFAULTS %}
+{% set LOGROTATEMERGED = salt['pillar.get']('logrotate', LOGROTATEDEFAULTS.logrotate, merge=True) %}
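Review bot: The `merge=True` call on the last line merges dictionaries recursively, but how a per-path option list from pillar combines with the default list depends on `merge_nested_lists`, which is not passed here and so falls back to the minion's `pillar_merge_lists` setting. If lists are replaced, a pillar entry that sets only `rotate 30` for a path silently drops `missingok`, `compress` and the rest; if they are appended, the path ends up with both `rotate 14` and `rotate 30`. Either outcome changes retention of security logs without an error, so I would pass `merge_nested_lists` explicitly and add a comment above the `set` such as `{# pillar option lists replace the default list for a path #}`. The same `logrotate` pillar namespace is read by `log-rotate.conf` (`logrotate:group_conf`), so any such keys will appear in `LOGROTATEMERGED` next to `common` and `sensor`.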