outflanknl / RedELK

Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
BSD 3-Clause "New" or "Revised" License
2.37k stars, 372 forks

Update run_daemon.sh and redelk-www permission #277

Closed. sunnyneo closed this 2 years ago

sunnyneo commented 2 years ago

Fixed daemon.log filling up the elkserver's disk space.

50MB is just an arbitrary number. Feel free to change it to whatever is reasonable.

MarcOverIP commented 2 years ago

I appreciate the effort. I'm just not sure if overwriting the log file to keep it small in size is the correct solution. This way we lose the ability for root cause analysis, as the initial error message that is apparently causing the flooding of log messages is lost.

Perhaps a solution would be to save the initial log file as well, while overwriting the rest?

sunnyneo commented 2 years ago

Hi, agreed with what you mentioned. Added a check to keep the initial daemon.log file. Not sure if this is good enough.

```bash
if [ "$CURRENTLOGSIZE" -gt "$MAXLOGSIZE" ]; then
    # Preserve the first oversized log so the initial error is available for root cause analysis.
    # Note: shell variable names cannot contain "-", so "$INIT-LOGFILE" would expand to "$INIT" + "-LOGFILE";
    # the variable is written as $INITLOGFILE here.
    if [ ! -f "$INITLOGFILE" ]; then
        /usr/bin/mv "$LOGFILE" "$INITLOGFILE"
    fi
    # ... the rest of the size handling (overwriting the current log) continues here
fi
```
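
As an added example (not code from this PR or from RedELK), a POSIX shell function implementing the behaviour agreed above: the first oversized log is preserved, later overflows are emptied in place. The names `rotate_daemon_log` and `log_size_bytes` and the paths are assumptions; it uses copy-then-truncate instead of `mv` so a daemon that still holds the file open keeps writing to the live file rather than to the preserved copy.

```shell
# Added example, not the PR's code: keep the first oversized daemon.log so the
# message that started the flood survives, then cap later growth in place.
# Function names and the paths below are assumed/constructed for this example.

# Portable byte count; avoids stat(1) flag differences between GNU and BSD.
log_size_bytes() {
    wc -c < "$1" | tr -d ' '
}

# rotate_daemon_log LOGFILE INITLOGFILE MAXBYTES
# Prints the action taken: keep | preserve | truncate
rotate_daemon_log() {
    logfile=$1 initlog=$2 maxbytes=$3
    [ -f "$logfile" ] || { echo keep; return 0; }
    size=$(log_size_bytes "$logfile")
    [ "$size" -gt "$maxbytes" ] || { echo keep; return 0; }
    if [ ! -f "$initlog" ]; then
        # First overflow: copy, then empty in place. Unlike mv, this keeps a daemon
        # that still holds the file descriptor writing to the live file, not the copy.
        cp "$logfile" "$initlog"
        : > "$logfile"
        echo preserve
        return 0
    fi
    # Later overflows: the initial evidence is already saved, so just empty the file.
    : > "$logfile"
    echo truncate
}

# Demo on constructed files in a temp directory (never touches /var/log/redelk).
demo_dir=$(mktemp -d)
printf 'initial error: elasticsearch unreachable\n' > "$demo_dir/daemon.log"
rotate_daemon_log "$demo_dir/daemon.log" "$demo_dir/daemon-init.log" 10
rm -rf "$demo_dir"
```

The live file is emptied with `: >` rather than removed, so the running process keeps a valid descriptor and no restart is needed.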
MarcOverIP commented 2 years ago

Sounds like a good solution!

Before merging can you please check the build check issues?

MarcOverIP commented 2 years ago

After a better look I noticed the build checks failed on linting checks in files not part of this PR, so I decided to merge anyway. Thank you @sunnyneo!