Archive

logrotate or max file size for cisco IPS sdee subscriptions

New Member

The files for the IPS SDEE logs are in $splunk_home/etc/apps/Splunk_CiscoIPS/var/log/$sdee file. Do these have a max file size or can they be configured for logrotate somehow? If it's logrotate, is there a postrotate script to run after the rollover has happened?

Tags (1)
0 Karma

New Member

No need to HUP any scripts or tweak logrotate.
This is tunable in:

$SPLUNK_HOME/etc/apps/Splunk_CiscoIPS/default/config.ini

[logging]
# Maximum bytes for log's file size before it being rotated.
# If you want no limit on the log's file size, set this value to 0. The log size will keep growing.
# Default to 100MB
maxBytes = 102400000

# Number of backup log files to keep
# If you want no backup file, set this value to 0.
backupCount = 5
0 Karma
Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!