OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: Wrigleys on August 11, 2024, 11:46:03 AM

Title: [SOLVED] Suricata logs gets automatically deleted
Post by: Wrigleys on August 11, 2024, 11:46:03 AM
Dear Community

I decided to give Suricata another try with the latest update to 24.7.1.

My goal is to drop any matching rule from abuse.ch. So far so good. I noticed that the Alert Log inside the WebGUI gets deleted really often. Sometimes every 20 minutes or at least every few hours. My log rotation is set to Weekly and my logs are stored in RAM. I have used 2GB of my 16GB RAM and 50% of the capacity could be filled by logs.

The Suricata service runs stable and seems to be working normally, except for the missing potential log history.

Did you experience something similar to my findings?

Many thanks for your help.

Best regards
Wrigleys
Title: Suricata logs gets automatically deleted
Post by: Wrigleys on August 11, 2024, 09:43:42 PM
Update from my end:

After triggering some test log entries, the log date and timestamp (dropdown on top right) get renewed (really don't know why), but the logs are still visible.

Therefore no logs are getting deleted.

Thread closed.