[Zeek] Logs not rotating

Mauricio Tavares raubvogel at gmail.com
Sun May 24 04:09:27 PDT 2020


On Fri, May 22, 2020 at 4:00 PM Kayode Enwerem
<Kayode_Enwerem at ao.uscourts.gov> wrote:
>
> Yes it is sending out connection summary emails.. Please send the config file.
>
> Thanks for the response.
>

Well. it took longer to find it than I expected, but here it is:

cat > /etc/logrotate.d/zeeklog << EOF
# This file is offered as-is, without warranty of any kind.
# (20200420) raubvogel at gmail.com
#
# Rotate only the logs which have anything in them daily,
# compress them, and then keep old ones for 5 days.
#
# NOTE:
# - in my install zeek is in /opt/zeek; adjust as needed
# - /opt/zeek/logs/current is an alias to /opt/zeek/spool/manager

/opt/zeek/spool/manager/*.log {
    rotate 5
    daily
    olddir /opt/zeek/logs
    compress
    dateext
    delaycompress
    copytruncate
    sharedscripts
    missingok
    notifempty
}
EOF

> -----Original Message-----
> From: Mauricio Tavares <raubvogel at gmail.com>
> Sent: Friday, May 22, 2020 3:03 PM
> To: Kayode Enwerem <Kayode_Enwerem at ao.uscourts.gov>
> Cc: zeek at zeek.org
> Subject: Re: [Zeek] Logs not rotating
>
> On Fri, May 22, 2020 at 2:27 PM Kayode Enwerem <Kayode_Enwerem at ao.uscourts.gov> wrote:
> >
> > Can anyone please assist with this?
> >
> >
> >
> > From: zeek-bounces at zeek.org <zeek-bounces at zeek.org> On Behalf Of
> > Kayode Enwerem
> > Sent: Monday, May 18, 2020 4:36 PM
> > To: zeek at zeek.org
> > Subject: [Zeek] Logs not rotating
> >
>       Is it sending emails out (such as the Connection summary)?
> Reason I ask is the log rotation is tied up with the mail sending. If it is sending emails, or you do not care about that, I can give you a logrotate config file to buy you time to solve the issue.
>
> >
> > Hello,
> >
> >
> >
> > We are experiencing some issues with log rotation. The .log files in current directory are not getting rotated and compressed causing the .log files to grow really big. It starts working again after we restart zeek but after a few hours it stops again.
> >
> >
> >
> > We are using pigz to zip the files and rotate interval is set to 3600(1hr).
> >
> > logrotationinterval = 3600
> >
> > compresscmd = pigz
> >
> >
> >
> > Is anyone else experiencing any similar issue? Any ideas or thought?
> >
> >
> >
> > Zeek version we are running is 3.0.3.
> >
> >
> >
> > Thanks in advance.
> >
> >
> >
> > _______________________________________________
> > Zeek mailing list
> > zeek at zeek.org
> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek


More information about the Zeek mailing list