From b7da768dc7bcd1e8560cc21c8f5504449f696777 Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Thu, 20 Aug 2020 16:46:32 -0400
Subject: [PATCH] add logrotate

---
 salt/suricata/files/suri-rotate.conf | 12 ++++++++++++
 salt/suricata/init.sls               |  6 ++++++
 2 files changed, 18 insertions(+)
 create mode 100644 salt/suricata/files/suri-rotate.conf

diff --git a/salt/suricata/files/suri-rotate.conf b/salt/suricata/files/suri-rotate.conf
new file mode 100644
index 000000000..40232633f
--- /dev/null
+++ b/salt/suricata/files/suri-rotate.conf
@@ -0,0 +1,12 @@
+/opt/so/log/suricata/stats.log
+{
+    daily
+    rotate 2
+    missingok
+    nocompress
+    create
+    sharedscripts
+    postrotate
+            docker exec -d so-suricata sh -c 'kill -HUP 6'
+    endscript
+}
\ No newline at end of file
diff --git a/salt/suricata/init.sls b/salt/suricata/init.sls
index a15255af1..e49b59f4f 100644
--- a/salt/suricata/init.sls
+++ b/salt/suricata/init.sls
@@ -152,3 +152,9 @@ so-suricata:
       - file: surithresholding
       - file: /opt/so/conf/suricata/rules/
       - file: /opt/so/conf/suricata/bpf
+
+surilogrotate:
+  file.managed:
+    - name: /etc/logrotate.d/suristats
+    - source: salt://suricata/files/suri-rotate.conf
+    - mode: 644
\ No newline at end of file