How to set a size limit to the eve.log file?

ginoliuz · January 28, 2023, 10:06pm

Hi.

I was looking at the logs of a machine in which I installed Suricata and used the emerging threats rulesets (the emerging-all.rules.tar.gz file from Proofpoint Emerging Threats Rules).

It seems that after some time of activity (after few hours of continuous monitoring) the file size starts growing from just few MB to hundreds of MB.

Is it possible to set a limit to the size of this file (and possibly also all the other log files) in order to instruct Suricata to not exceed disk usage?

Thank you.

Jeff_Lucovsky · January 29, 2023, 2:21pm

Many deployments use log-rotation for use cases like this - you can limit the size, etc:15.6. Log Rotation — Suricata 7.0.0-rc1-dev documentation

ginoliuz · January 29, 2023, 4:15pm

Thank you for your reply.

Isn’t there a native implementation in Suricata for doing that?
Anyway, I checked the link you sent me, but I’m actually running Suricata on a Windows based system.

Do you know any tool that I can use similar to logrotate?

Jeff_Lucovsky · January 29, 2023, 4:18pm

Log rotation is provided by the platform … Suricata supports this but not directly.

I’m not well versed in equivalent functions in Windows but I’d be surprised if this use case wasn’t supported on Windows.

Topic		Replies	Views
Is there no max-files configuration for eve-log? Help configuration	1	308	July 11, 2023
Logrotate - Logs not rotating Help	4	1544	February 8, 2022
Logrotate Does not work Help suricata	2	309	August 22, 2023
Rules and log files	1	297	November 28, 2023
Suricata 4.0.6, /data/suricata/eve.json files too large Help suricata	1	71	April 5, 2024

How to set a size limit to the eve.log file?

Related Topics