Confusing log rotation problem of timestamp

Black5ugar · January 5, 2022, 7:58am

hi, i’m using suricata 6.0.4 build from source.
i found that the log rotation doesn’t work correctly.
the timestamp in the log file begins from about 03:20 a.m, and ends at 03:20 a.m in the next day.

my logrotation settings

/var/log/suricata/*.log /var/log/suricata/*.json {
    daily
    missingok
    rotate 14
    compress
    delaycompress
    minsize 500k
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/suricata.pid 2> /dev/null` 2> /dev/null || true
    suricatasc -c reopen-log-files
    endscript
}

how can i fix this problem, can anyone help me?

Andreas_Herz · January 26, 2022, 10:13pm

Try removing the suricatasc -c reopen-log-files part. I don’t have it active on my setups and didn’t run into issues.

Topic		Replies	Views
What does happen to Suricata when a log rotation is made? Help suricata	1	319	July 14, 2023
Suricata 6.0.4: SURICATA STREAM pkt seen on wrong thread Help	6	1224	June 7, 2022
Somethin is wrong with suricata Help	13	1023	October 8, 2021
When using --pcap-file-continuous suricata saves to the wrong place Help suricata	0	41	April 12, 2024
Http.log failed to log all http\s events	7	533	February 21, 2023

Confusing log rotation problem of timestamp

Related Topics