Confusing log rotation problem of timestamp

Black5ugar · January 5, 2022, 7:58am

hi, i’m using suricata 6.0.4 build from source.
i found that the log rotation doesn’t work correctly.
the timestamp in the log file begins from about 03:20 a.m, and ends at 03:20 a.m in the next day.

my logrotation settings

/var/log/suricata/*.log /var/log/suricata/*.json {
    daily
    missingok
    rotate 14
    compress
    delaycompress
    minsize 500k
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/suricata.pid 2> /dev/null` 2> /dev/null || true
    suricatasc -c reopen-log-files
    endscript
}

how can i fix this problem, can anyone help me?

Andreas_Herz · January 26, 2022, 10:13pm

Try removing the suricatasc -c reopen-log-files part. I don’t have it active on my setups and didn’t run into issues.

Topic		Replies	Views
Logrotate - Logs not rotating Help	4	1841	February 8, 2022
Logrotate problem whith Suricata 6 in Docker container Help	14	2250	August 30, 2021
Suricata - logrotate every week using cron.weekly Help	3	454	September 7, 2021
Logrotate Does not work Help suricata	2	566	August 22, 2023
Issue with suricata and logrotate Help centos	1	1013	February 8, 2021

Confusing log rotation problem of timestamp

Related topics