"Quote from: fastboot on November 12, 2025, 01:32:33 PMThanks, but I don't rely on local log retention.Thank you for sharing
My setup includes a centralized logging system cluster with redundancy – if one SIEM node fails, another one takes over. Logs are streamed live via UDP, so there's no need to store old logs locally.
That's exactly why I use a RAM disk for /var/log: to minimize wear on the NVMe and avoid unnecessary local writes.
The issue is not about log availability – it's about Suricata ignoring the log rotation and retention settings, which causes the RAM disk to fill up.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#1
Intrusion Detection and Prevention / Re: Suricata logs ignoring rotation settings – RAM disk filling up
Today at 07:32:58 AMPages1
