use logrotate

2025-12-06 09:12:45 +01:00 · 2025-09-05 09:22:44 -05:00
parent dfec29d18e
commit 915b9e7bd7
3 changed files with 18 additions and 15 deletions
--- a/salt/logrotate/defaults.yaml
+++ b/salt/logrotate/defaults.yaml
@@ -268,3 +268,12 @@ logrotate:
      - nocompress
      - create
      - sharedscripts
+    /opt/so/log/agents/agent-monitor*_x_log:
+      - daily
+      - rotate 14
+      - missingok
+      - compress
+      - create
+      - extension .log
+      - dateext
+      - dateyesterday
--- a/salt/logrotate/soc_logrotate.yaml
+++ b/salt/logrotate/soc_logrotate.yaml
@@ -175,3 +175,10 @@ logrotate:
      multiline: True
      global: True
      forcedType: "[]string"
+    "/opt/so/log/agents/agent-monitor*_x_log":
+      description: List of logrotate options for this file.
+      title: /opt/so/log/agents/agent-monitor*.log
+      advanced: True
+      multiline: True
+      global: True
+      forcedType: "[]string"
--- a/salt/manager/tools/sbin_jinja/so-elastic-agent-monitor
+++ b/salt/manager/tools/sbin_jinja/so-elastic-agent-monitor
@@ -7,7 +7,7 @@
 set -euo pipefail

 LOG_DIR="/opt/so/log/agents"
-LOG_FILE="$LOG_DIR/agent-monitor-$(date -u +"%Y%m%d").log"
+LOG_FILE="$LOG_DIR/agent-monitor.log"
 CURL_CONFIG="/opt/so/conf/elasticsearch/curl.config"
 FLEET_API="http://localhost:5601/api/fleet/agents"
 {#- When using custom kquery ignore critical agents patterns. Since we want all the results of custom query logged #}
@@ -71,17 +71,6 @@ calculate_offline_hours() {
    echo $((diff / 3600))
 }

-cleanup_old_logs() {
-    # Find and delete log files older than 7 days
-    local old_files=$(find "$LOG_DIR" -name "agent-monitor-*.log" -type f -mtime +7 2>/dev/null)
-
-    if [ -n "$old_files" ]; then
-        local deleted_count=$(echo "$old_files" | wc -l)
-        echo "$old_files" | xargs rm -f
-        log_message "INFO" "Cleaned up $deleted_count old log files (>7 days)"
-    fi
-}
-
 main() {
    log_message "INFO" "Starting Fleet agent status check"

@@ -92,8 +81,6 @@ main() {
    else
        log_message "INFO" "No critical agents filter found, monitoring all agents"
    fi
-    
-    cleanup_old_logs

    log_message "INFO" "Querying Fleet API"

@@ -115,7 +102,7 @@ main() {

        if ! response_body=$(curl -K "$CURL_CONFIG" \
            -s --fail \
-            $FLEET_QUERY \
+            "$FLEET_QUERY" \
            -H 'kbn-xsrf: true' 2>/dev/null); then
            log_message "ERROR" "Failed to query Fleet API (page $page)"
            exit 1