From 19dfa96cc2ccd99b3865f0e88b7ae7e7d24e5eba Mon Sep 17 00:00:00 2001
From: Franco Fichtner
Date: Wed, 30 Nov 2016 07:26:33 +0100
Subject: [PATCH] intrusion detection: rotate eve-log every (almost) 500 MB Should probably remove the weekly/daily rotation in favour of a setting of the value in KB on the GUI instead...
---
 src/opnsense/service/templates/OPNsense/IDS/newsyslog.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/opnsense/service/templates/OPNsense/IDS/newsyslog.conf b/src/opnsense/service/templates/OPNsense/IDS/newsyslog.conf
index b3c9e3ab2..fc7f9c99b 100644
--- a/src/opnsense/service/templates/OPNsense/IDS/newsyslog.conf
+++ b/src/opnsense/service/templates/OPNsense/IDS/newsyslog.conf
@@ -2,7 +2,7 @@
 {% if helpers.exists('OPNsense.IDS.general') and OPNsense.IDS.general.enabled|default("0") == "1" %}
 /var/log/suricata/stats.log root:wheel 640 7 * $D0 B /var/run/suricata.pid 1
 /var/log/suricata.log root:wheel 640 7 * $D0 B /var/run/suricata.pid 1
-/var/log/suricata/eve.json root:wheel 640 {{ OPNsense.IDS.general.AlertSaveLogs|default("4") }} * ${{
+/var/log/suricata/eve.json root:wheel 640 {{ OPNsense.IDS.general.AlertSaveLogs|default("4") }} 500000 ${{
 OPNsense.IDS.general.AlertLogrotate|default("W0D23") }} B /var/run/suricata.pid 1 {% endif %}
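Review bot: The new `500000` size trigger on the eve.json entry makes alert retention depend on event volume, and nothing in the template says so. With the archive count still taken from `AlertSaveLogs` (default `4`) and only the `B` flag set, a sustained burst of alerts can roll through every kept archive well before the `AlertLogrotate` schedule would, so older alerts may already be gone when an incident is investigated; the uncompressed archives can also put roughly count × 500 MB on /var/log. I would add a comment above the entry, e.g. `# eve.json: size is in KB; rotated when the size or the schedule is reached, whichever comes first`, and consider forwarding eve events off-box or deriving the size from a GUI setting as the commit message already suggests. newsyslog only evaluates the size when it runs, so the file can still grow past the limit between runs.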