Feature #1636: Signal rotation of unified2 log file without restart - Suricata - Open Information Security Foundation

Actions

Feature #1636

closed

Signal rotation of unified2 log file without restart

Added by Brian Hennigar over 8 years ago. Updated about 7 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Target version:

Effort:

Difficulty:

Label:

Description

It would be good to have the ability of rotating the log files without having to stop/start the Suricata process. Something similar to the SIGUSR2 for the live rule reload.

From OISF user group:

- Give the unified2 output a "nostamp" option like Snort.
- If nostamp is on, subject the unified2 output to HUP file rotation.

Then you could do file rotation like you would done on other output
files like eve. Move the existing one out of the way, HUP Suricata to
start writing to a new file.

Actions

#1

Updated by Victor Julien over 8 years ago

Target version set to TBD

Actions

#2

Updated by Andreas Herz over 8 years ago

Assignee set to OISF Dev

Actions

#3

Updated by Brian Hennigar over 7 years ago

Has there been any thought on this?

Actions

#4

Updated by Jason Ish over 7 years ago

Subject changed from Signal rotation of log file without restart to Signal rotation of unified2 log file without restart

Updating subject to make it specific to unified2.

Actions

#5

Updated by Jason Ish over 7 years ago

Status changed from New to Assigned
Assignee changed from OISF Dev to Jason Ish

Brian Hennigar wrote:

Has there been any thought on this?

Yes, I've been thinking about it a bit and it has come up recently as well. I'll assign this to me as I am planning to get to it at somepoint.

Actions

#6

Updated by Jason Ish about 7 years ago

Status changed from Assigned to Closed
Target version changed from TBD to 4.0beta1

Feature merged: https://github.com/inliniac/suricata/pull/2560

Actions

Also available in: Atom PDF