Description
The role does not manage logrotate for Elasticsearch log files. In production environments, Elasticsearch can generate significant log volume (especially with audit logging enabled), and without logrotate the /var/log/elasticsearch/ directory can fill up.
Suggested configuration
A reasonable default logrotate config:
/var/log/elasticsearch/*.log {
daily
rotate 32
size 50M
copytruncate
compress
delaycompress
missingok
notifempty
maxage 370
create 644 elasticsearch elasticsearch
}
Suggested approach
Add a template logrotate-elasticsearch.j2 with configurable variables for rotation count, max size, and max age. Deploy to /etc/logrotate.d/elasticsearch. Enable by default since it's a safe, non-disruptive addition.
Description
The role does not manage logrotate for Elasticsearch log files. In production environments, Elasticsearch can generate significant log volume (especially with audit logging enabled), and without logrotate the
/var/log/elasticsearch/directory can fill up.Suggested configuration
A reasonable default logrotate config:
Suggested approach
Add a template
logrotate-elasticsearch.j2with configurable variables for rotation count, max size, and max age. Deploy to/etc/logrotate.d/elasticsearch. Enable by default since it's a safe, non-disruptive addition.