Feature #1636
closed
Signal rotation of unified2 log file without restart
Added by Brian Hennigar over 8 years ago.
Updated about 7 years ago.
Description
It would be good to have the ability of rotating the log files without having to stop/start the Suricata process. Something similar to the SIGUSR2 for the live rule reload.
From OISF user group:
- Give the unified2 output a "nostamp" option like Snort.
- If nostamp is on, subject the unified2 output to HUP file rotation.
Then you could do file rotation like you would done on other output
files like eve. Move the existing one out of the way, HUP Suricata to
start writing to a new file.
- Target version set to TBD
Has there been any thought on this?
- Subject changed from Signal rotation of log file without restart to Signal rotation of unified2 log file without restart
Updating subject to make it specific to unified2.
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Jason Ish
Brian Hennigar wrote:
Has there been any thought on this?
Yes, I've been thinking about it a bit and it has come up recently as well. I'll assign this to me as I am planning to get to it at somepoint.
- Status changed from Assigned to Closed
- Target version changed from TBD to 4.0beta1
Also available in: Atom
PDF