I was looking at the logs of a machine in which I installed Suricata and used the emerging threats rulesets (the emerging-all.rules.tar.gz file from Proofpoint Emerging Threats Rules).
It seems that after some time of activity (after few hours of continuous monitoring) the file size starts growing from just few MB to hundreds of MB.
Is it possible to set a limit to the size of this file (and possibly also all the other log files) in order to instruct Suricata to not exceed disk usage?
Isn’t there a native implementation in Suricata for doing that?
Anyway, I checked the link you sent me, but I’m actually running Suricata on a Windows based system.
Do you know any tool that I can use similar to logrotate?