I have enabled logging of the API access so I can use fail2ban to block unauthorised access to Graylog. I followed the below guide, but it does not cover log rotation. https://docs.graylog.org/en/4.0/pages/secure/sec_log_user_activity.html?highlight=debug#configuring-the-access-log
I have tried changing the config to be similar to that of the server.log, but it just stops logging, so the syntax must be wrong. Does anyone know how to rotate this log via log4j2.xml?
I've tried using the log rotate daemon in Linux as well, and also wrote my own script, but both ways, once the log is rotated Graylog does not create a new one (or write to a new one I've created); the Graylog service has to be restarted to get it working again.
Is it possible to rotate it in the below file, as the server.log file does?
/etc/graylog/server/log4j2.xml
I really need to resolve this as it creates 200mb of logs a day, and the file is getting way too big.
In case it helps anyone else in future using the restaccess.log to see what IP addresses are accessing the REST API, I figured this out thanks to a lot of googling and mainly this post:
that I needed the filePattern="/var/log/graylog-server/restaccess.log.%i.gz"> on the end, specifically the “%i”,
so my XML now looks like this and both logs rotate …
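
A log4j2.xml fragment illustrating the fix described above, as an added example that is not the poster's actual file: a plain File appender for the access log beside a RollingFile appender whose filePattern carries the %i counter. The appender name, layout pattern, size limit and retention count are assumptions chosen for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Constructed example. Only the access-log parts are shown; keep the
     existing server.log appender and Root logger from your own file. -->
<Configuration>
  <Appenders>
    <!-- Before: a plain File appender never rolls over, so the file
         grows without bound.
    <File name="RestAccessLog"
          fileName="/var/log/graylog-server/restaccess.log" append="true">
      <PatternLayout pattern="%d %-5p: %c - %m%n"/>
    </File>
    -->

    <!-- After: RollingFile with a size trigger. The %i in filePattern is
         the archive counter; the .gz suffix makes log4j2 compress each
         rolled file. Size and max below are assumed values. -->
    <RollingFile name="RestAccessLog"
                 fileName="/var/log/graylog-server/restaccess.log"
                 filePattern="/var/log/graylog-server/restaccess.log.%i.gz">
      <PatternLayout pattern="%d %-5p: %c - %m%n"/>
      <Policies>
        <SizeBasedTriggeringPolicy size="50MB"/>
      </Policies>
      <!-- Keep at most 10 archives; with fileIndex="min" the newest
           archive is always restaccess.log.1.gz. -->
      <DefaultRolloverStrategy max="10" fileIndex="min"/>
    </RollingFile>
  </Appenders>

  <Loggers>
    <!-- Logger for REST access events, routed only to the appender above. -->
    <Logger name="org.graylog2.rest.accesslog" level="debug" additivity="false">
      <AppenderRef ref="RestAccessLog" level="debug"/>
    </Logger>
  </Loggers>
</Configuration>
```

Because log4j2 performs the rollover inside the Graylog process, the live file restaccess.log keeps its name and keeps being written to, so a fail2ban jail pointed at that path continues to see new entries after each rotation.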