How to set a size limit to the eve.log file?


I was looking at the logs of a machine in which I installed Suricata and used the emerging threats rulesets (the emerging-all.rules.tar.gz file from Proofpoint Emerging Threats Rules).

It seems that after some time of activity (after a few hours of continuous monitoring) the file size starts growing from just a few MB to hundreds of MB.

Is it possible to set a limit to the size of this file (and possibly also all the other log files) in order to instruct Suricata to not exceed disk usage?

Thank you.

Many deployments use log rotation for use cases like this - you can limit the size, etc.: 15.6. Log Rotation — Suricata 7.0.0-rc1-dev documentation

Thank you for your reply.

Isn’t there a native implementation in Suricata for doing that?
Anyway, I checked the link you sent me, but I’m actually running Suricata on a Windows-based system.

Do you know any tool that I can use similar to logrotate?

Log rotation is provided by the platform … Suricata supports this but not directly.

I’m not well versed in equivalent functions in Windows but I’d be surprised if this use case wasn’t supported on Windows.
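One platform-independent way to cap the disk space used by EVE logs, as an added example that is not part of the original thread and not Suricata's own code. It assumes Suricata is already writing timestamped files (for instance through a strftime pattern in the eve-log `filename` together with `rotate-interval`); the `eve-*.json` pattern, the 500 MB default and the function name `prune_logs` are assumptions made for illustration.

```python
"""Cap the disk space used by rotated Suricata EVE logs (Windows or Linux).

Assumption: Suricata writes timestamped files such as eve-2024-01-01-13.json,
so this script never has to rename or truncate a file that is held open.
"""
import sys
from pathlib import Path


def prune_logs(log_dir, pattern="eve-*.json", max_total_bytes=500 * 1024**2,
               keep_newest=1):
    """Delete the oldest files matching `pattern` until their combined size
    is at most `max_total_bytes`. The `keep_newest` most recent files are
    never removed, because Suricata may still be writing to them.
    Returns the deleted paths, oldest first."""
    entries = []
    for path in Path(log_dir).glob(pattern):
        if path.is_file():
            st = path.stat()
            entries.append((st.st_mtime, path, st.st_size))
    entries.sort(key=lambda e: e[0])  # oldest first

    total = sum(size for _, _, size in entries)
    candidates = entries[:-keep_newest] if keep_newest > 0 else entries
    deleted = []
    for _, path, size in candidates:
        if total <= max_total_bytes:
            break
        try:
            path.unlink()
        except OSError as exc:
            # On Windows a file still open in another process cannot be deleted.
            print(f"skipped {path}: {exc}", file=sys.stderr)
            continue
        total -= size
        deleted.append(path)
    return deleted


if __name__ == "__main__":
    # Usage: python prune_eve.py <log dir> [cap in MB]
    log_dir = sys.argv[1] if len(sys.argv) > 1 else "."
    cap_mb = int(sys.argv[2]) if len(sys.argv) > 2 else 500
    for removed in prune_logs(log_dir, max_total_bytes=cap_mb * 1024**2):
        print(f"deleted {removed}")
```

Run it periodically from Windows Task Scheduler or cron. Pruned files are gone for good, so forward or archive any alerts you need for investigations before the cap is reached.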