This repository was archived by the owner on Aug 20, 2025. It is now read-only.
Metron 136 logrotate pcapservice #113
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…d the file and I tested the execution in the full-dev-platform image using the logrotate -f option (force). It properly rotated to /var/log/metron_pcapservice.log.1.
…d the file and I tested the execution in the full-dev-platform image using the logrotate -f option (force). It properly rotated to /var/log/metron_pcapservice.log.1.
Member
|
This looks good to me, but I'd very much like @dlyle65535 to chime in. |
Contributor
|
+1. Thanks for the contribution and the suggestions. Good stuff. |
Contributor
|
@jjonez We need your email address to merge your PR. You do not have one publicly associated with your Github account; that I can see at least. You do not have to make one public, but if you'd like credit for the commit, we'll need an email associated with your Github account. Feel free to let us know in whatever manner you feel comfortable with. My email is public, if you'd like to send it direct. The Metron mailing lists are also good options. |
Contributor
Author
|
@nickwallen, Thanks. I just updated my profile and made my email public. And, I think I fixed the author for future patches as well. |
asfgit
pushed a commit
that referenced
this pull request
Jun 24, 2016
…jjonez via nickwallen) closes #113
asfgit
pushed a commit
that referenced
this pull request
Jun 24, 2016
…jjonez via nickwallen) closes #113
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I tested this by starting the full-dev-platform vagrant image. The logrotate.d config file was created. I ran logrotate with the -f option (force) to test the configuration and it worked properly.
The configuration is consistent with the other logrotate configs in metron, but I have a couple of questions, which perhaps should be posted elsewhere. These questions apply to most of the default Metron logrotate configurations:
#1 - Should the pcap logs be in their own directory like most other metron logs instead of /var/log/metron_pcapservice.log?
#2 - Should we change to compress (gzip)?
#3 - Regarding all logrotate configs, should we change them to use dateext? Currently it changes files like this:
/var/log/metron_pcapservice.log.1
/var/log/metron_pcapservice.log.2
Where, using dateext makes them:
/var/log/metron_pcapservice.log.20160507
/var/log/metron_pcapservice.log.20160508
The disadvantage to this is that even if you try to force the rotate (-f), I don't think it will rotate because the date it would rotate to already exists. With the number, if just adds a new number.