Please include the following information with your help request:
- Suricata version : 7.0.X
- Operating system and/or Linux distribution : Ubuntu
- How you installed Suricata (from source, packages, something else): compiled using yocto
I don’t think so. This should be done by an external log rotation tool. See 17.6. Log Rotation — Suricata 8.0.0-dev documentation
EVE can also be rotated by Suricata itself on a time (not size) basis, see 17.1.1. Eve JSON Output — Suricata 7.0.6 documentation. In this case I would advise against using logrotate at the same time.