logrotate: Rotate suricata logs instead of snort ones
authorStefan Schantl <stefan.schantl@ipfire.org>
Fri, 15 Feb 2019 10:22:14 +0000 (11:22 +0100)
committerStefan Schantl <stefan.schantl@ipfire.org>
Fri, 15 Feb 2019 10:22:14 +0000 (11:22 +0100)
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
config/etc/logrotate.conf

index d38570d..f15ee92 100644 (file)
@@ -28,16 +28,16 @@ include /etc/logrotate.d
     endscript
 }
 
-/var/log/snort/alert  {
+/var/log/suricata/*.log {
     weekly
     copytruncate
     compress
     ifempty
     missingok
     postrotate
-       /bin/find /var/log/snort -path '/var/log/snort/[0-9]*' -prune -exec /bin/rm -rf {} \;
-       /bin/find /var/log/snort -name 'snort.log.*' -mtime +28 -exec /bin/rm -rf {} \;
-       /etc/init.d/snort restart
+       /bin/find /var/log/suricata -path '/var/log/suricata/[0-9]*' -prune -exec /bin/rm -rf {} \;
+       /bin/find /var/log/suricata -name 'fast.log.*' -mtime +28 -exec /bin/rm -rf {} \;
+       /bin/kill -HUP `cat /var/run/suricata.pid 2> /dev/null` 2> /dev/null || true
     endscript
 }
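Review bot: The new stanza keeps `copytruncate` while its postrotate script also sends SIGHUP to Suricata, so the same rotation is handled twice and the copy-then-truncate window can drop alert lines written in between. Since Suricata reopens its log files on SIGHUP, I would remove `copytruncate` and let the HUP do the handover (adding `create` if the global section does not already set it). Because the path is now the glob `/var/log/suricata/*.log`, the stanza also needs `sharedscripts`; without it the two `find` cleanups and the `kill -HUP` run once per rotated file instead of once per rotation. The glob matches only `*.log`, so JSON output such as `eve.json`, if it is enabled in this build, would not be rotated and is worth confirming.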