How to do rotation for /var/log/coraza/audit/audit.log ?

[uniuuu]

How to rotate audit log? /var/log/coraza/audit/audit.log
It grows and for one single website it's making 6GB in one month.

[jcchavezs]

A quick google search on how modsecurity handles this is mainly by not handling it and let other tools (Apache or ngnx) to deal with it. Personally I don't think coraza should support log rotation mechanism but I agree we should describe how to achieve it (maybe an example) and expose right interfaces for that. For example, what happens if file changes while the destination file is open? Can it detect a change and reopen the file accordingly?

…

On Mon, 31 Oct 2022, 07:38 Alexander Konrad, ***@***.***> wrote: How to rotate audit log? /var/log/coraza/audit/audit.log It's growing for one signle website it's making 6GB in one month. — Reply to this email directly, view it on GitHub <#486>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAXOYAQWRLXCXJXHJFPT2UDWF5SPBANCNFSM6AAAAAARSYNGSE> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

[jptosso]

I'm not sure if logrotate is going to work. Maybe we should add a file handler to detect rotation and move the writer to 0,0.
Let's run some tests and add documentation.

[prologic]

Just came across this, and using logrotate does not work. It requires a restart of Caddy. It looks like the logfile is not reopened when it gets renamed and re-created.