Fix log rotate on Suricata

2026-01-16 21:21:31 +01:00 · 2020-06-04 10:43:24 -04:00
parent 7043bbae9d
commit 79adf2012a
3 changed files with 4 additions and 4 deletions
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -123,7 +123,7 @@ filebeat.inputs:

  - type: log
    paths:
-      - /suricata/eve.json
+      - /suricata/eve*.json
    fields:
      module: suricata
      dataset: common
--- a/salt/suricata/files/suricata.yaml
+++ b/salt/suricata/files/suricata.yaml
@@ -95,8 +95,8 @@ outputs:
  - eve-log:
      enabled: yes
      filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
-      filename: /nsm/eve.json
-      rotate-interval: day
+      filename: /nsm/eve-%Y-%m-%d-%H:%M.json
+      rotate-interval: hour
      
      #prefix: "@cee: " # prefix to prepend to each log entry
      # the following are valid when type: syslog above
--- a/salt/suricata/files/suricataMETA.yaml
+++ b/salt/suricata/files/suricataMETA.yaml
@@ -95,7 +95,7 @@ outputs:
  - eve-log:
      enabled: yes
      filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
-      filename: /nsm/eve.json
+      filename: /nsm/eve-%Y-%m-%d-%H:%M.json
      rotate-interval: hour
      
      #prefix: "@cee: " # prefix to prepend to each log entry