diff --git a/salt/elasticfleet/config.sls b/salt/elasticfleet/config.sls
index 9bfb6e34d..902b5eb4c 100644
--- a/salt/elasticfleet/config.sls
+++ b/salt/elasticfleet/config.sls
@@ -45,6 +45,13 @@ eaconfdir:
 - group: 939
 - makedirs: True
 
+ealogdir:
+ file.directory:
+ - name: /opt/so/log/elasticfleet
+ - user: 947
+ - group: 939
+ - makedirs: True
+
 eastatedir:
 file.directory:
 - name: /opt/so/conf/elastic-fleet/state
diff --git a/salt/elasticfleet/enabled.sls b/salt/elasticfleet/enabled.sls
index 82de4cdef..025a87e14 100644
--- a/salt/elasticfleet/enabled.sls
+++ b/salt/elasticfleet/enabled.sls
@@ -66,6 +66,7 @@ so-elastic-fleet:
 - /etc/ssl:/etc/ssl:ro
 {% endif %}
 #- /opt/so/conf/elastic-fleet/state:/usr/share/elastic-agent/state:rw
+ - /opt/so/log/elasticfleet:/usr/share/elastic-agent/logs
 {% if DOCKER.containers['so-elastic-fleet'].custom_bind_mounts %}
 {% for BIND in DOCKER.containers['so-elastic-fleet'].custom_bind_mounts %}
 - {{ BIND }}
@@ -85,8 +86,8 @@ so-elastic-fleet:
 {% else %}
 - FLEET_CA=/etc/pki/tls/certs/intca.crt
 - FLEET_SERVER_ELASTICSEARCH_CA=/etc/pki/tls/certs/intca.crt
-
 {% endif %}
+ - LOGS_PATH=logs
 {% if DOCKER.containers['so-elastic-fleet'].extra_env %}
 {% for XTRAENV in DOCKER.containers['so-elastic-fleet'].extra_env %}
 - {{ XTRAENV }}
diff --git a/salt/logrotate/defaults.yaml b/salt/logrotate/defaults.yaml
index 68095fcbd..311a344b3 100644
--- a/salt/logrotate/defaults.yaml
+++ b/salt/logrotate/defaults.yaml
@@ -90,7 +90,7 @@ logrotate:
 - extension .log
 - dateext
 - dateyesterday
- /opt/so/log/fleet/*_x_log:
+ /opt/so/log/elasticfleet/*_x_log:
 - daily
 - rotate 14
 - missingok
@@ -100,6 +100,16 @@ logrotate:
 - extension .log
 - dateext
 - dateyesterday
+ /opt/so/log/elasticfleet/*_x_ndjson:
+ - daily
+ - rotate 14
+ - missingok
+ - copytruncate
+ - compress
+ - create
+ - extension .ndjson
+ - dateext
+ - dateyesterday
 /opt/so/log/suricata/*_x_log:
 - daily
 - rotate 14
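Review bot: `ealogdir` in salt/elasticfleet/config.sls sets the owner and group of /opt/so/log/elasticfleet but no `mode`, so the directory's permissions depend on the umask in effect when the state runs. Fleet Server logs usually carry agent and host identifiers, so I would pin the permissions, e.g. `- mode: 750`, provided that matches how the other log directories are handled (the neighbouring states visible in this hunk set no mode either, so this may be a file-wide convention). A short comment such as `# bind-mounted into so-elastic-fleet as /usr/share/elastic-agent/logs` would also tie the directory to its consumer.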
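Review bot: The bind mount added in the first hunk of salt/elasticfleet/enabled.sls, `/opt/so/log/elasticfleet:/usr/share/elastic-agent/logs`, has no access suffix, while the entries around it spell out `:ro` or `:rw`; appending `:rw` keeps the list consistent and makes the intent explicit. Nothing visible in the hunk makes the container wait for `ealogdir`, and the rest of the `so-elastic-fleet` state lies outside it. If its requisites do not already cover the directory, Docker would create the missing host path itself, owned by root, and the agent may then be unable to write its logs; adding `- file: ealogdir` to the state's requisites would rule that out.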
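Review bot: `LOGS_PATH=logs` in the second hunk of salt/elasticfleet/enabled.sls is a relative path, while the mount added in the previous hunk targets the absolute /usr/share/elastic-agent/logs; the two only coincide if the agent resolves the value against /usr/share/elastic-agent, which the diff does not show. If an absolute value is accepted, `- LOGS_PATH=/usr/share/elastic-agent/logs` removes the dependency; otherwise a comment above the line saying what the path is relative to would do. The entry also precedes the `extra_env` loop, so a `LOGS_PATH` supplied there would appear twice in the environment list, and it is worth confirming which one takes effect.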
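Review bot: The new `/opt/so/log/elasticfleet/*_x_ndjson` block in salt/logrotate/defaults.yaml lists both `copytruncate` and `create`; logrotate ignores `create` when `copytruncate` is set, so that line can be dropped. `copytruncate` also leaves a short window between the copy and the truncate in which lines written by the agent are lost, and these are records an investigation may need later, so it is worth checking whether the agent's own file rotation already covers this path before adding logrotate on top. Separately, the path rename in the previous hunk means files still under /opt/so/log/fleet/ are no longer rotated or aged out, and the diff shows no cleanup for them.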
diff --git a/salt/logrotate/soc_logrotate.yaml b/salt/logrotate/soc_logrotate.yaml
index 5b9fd720f..5e6c78fcc 100644
--- a/salt/logrotate/soc_logrotate.yaml
+++ b/salt/logrotate/soc_logrotate.yaml
@@ -63,9 +63,16 @@ logrotate:
 multiline: True
 global: True
 forcedType: "[]string"
- "/opt/so/log/fleet/*_x_log":
+ "/opt/so/log/elasticfleet/*_x_log":
 description: List of logrotate options for this file.
- title: /opt/so/log/fleet/*.log
+ title: /opt/so/log/elasticfleet/*.log
+ advanced: True
+ multiline: True
+ global: True
+ forcedType: "[]string"
+ "/opt/so/log/elasticfleet/*_x_ndjson":
+ description: List of logrotate options for this file.
+ title: /opt/so/log/elasticfleet/*.ndjson
 advanced: True
 multiline: True
 global: True