CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Rotate suri stats log hourly

Browse Source
This commit is contained in:
Mike Reeves
2020-08-23 16:03:37 -04:00
parent daaa2d3579
commit ebd8105cb5
2 changed files with 23 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
salt/suricata/cron/surirotate Normal file
View File

@@ -0,0 +1,6 @@
#!/bin/bash
# Gzip the eve logs
find /nsm/suricata/eve*.json -type f -printf '%T@\t%p\n' | sort -t $'\t' -g | head -n -1 | cut -d $'\t' -f 2- | xargs nice gzip
# TODO Add stats log

19
salt/suricata/init.sls
View File

@@ -79,6 +79,12 @@ surilogscript:
- source: salt://suricata/cron/surilogcompress - source: salt://suricata/cron/surilogcompress
- mode: 755 - mode: 755
surirotatescript:
file.managed:
- name: /usr/local/bin/surirotate
- source: salt://suricata/cron/surirotate
- mode: 755
/usr/local/bin/surilogcompress: /usr/local/bin/surilogcompress:
cron.present: cron.present:
- user: suricata - user: suricata
@@ -155,6 +161,15 @@ so-suricata:
surilogrotate: surilogrotate:
file.managed: file.managed:
- name: /etc/logrotate.d/suristats - name: /opt/so/conf/suricata/suri-rotate.conf
- source: salt://suricata/files/suri-rotate.conf - source: salt://suricata/files/suri-rotate.conf
- mode: 644 - mode: 644
/usr/local/bin/surirotate:
cron.present:
- user: root
- minute: '6'
- hour: '*'
- daymonth: '*'
- month: '*'
- dayweek: '*'