To configure Suricata event logging:
- eve-log:
    enabled: yes
    filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
    filename: eve.json
As a result, Suricata events are logged to the /usr/local/var/log/suricata/eve.json file.
Suricata does not support limiting the size of the eve.json event file. If necessary, you can manage the log size by using rotation. For example, to configure hourly log rotation, add the following lines to the configuration file:
outputs:
  - eve-log:
      filename: eve-%Y-%m-%d-%H:%M.json
      rotate-interval: hour
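Rotation splits the log into hourly files but does not delete old ones, so disk usage still grows. The following is an added example (not part of the original documentation or of Suricata) that removes the oldest rotated files once their combined size exceeds a budget; the function name `prune_eve_logs`, the byte budget, and the `keep_newest` parameter are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

# Matches names produced by "filename: eve-%Y-%m-%d-%H:%M.json".
ROTATED = re.compile(r"^eve-\d{4}-\d{2}-\d{2}-\d{2}:\d{2}\.json$")


def prune_eve_logs(log_dir, max_total_bytes, keep_newest=1, dry_run=False):
    """Delete the oldest rotated EVE files until the total fits the budget.

    Returns the names of the files removed (or that would be removed when
    dry_run is True). keep_newest and max_total_bytes are hypothetical
    parameters of this example, not Suricata settings.
    """
    # Zero-padded timestamps sort lexicographically in chronological order.
    files = sorted(
        p for p in Path(log_dir).iterdir()
        if not p.is_symlink() and p.is_file() and ROTATED.match(p.name)
    )
    sizes = {p: p.stat().st_size for p in files}
    total = sum(sizes.values())
    # Skip the newest file(s): Suricata is still writing to the latest one.
    candidates = files[:-keep_newest] if keep_newest else files
    removed = []
    for p in candidates:
        if total <= max_total_bytes:
            break
        if not dry_run:
            p.unlink()
        total -= sizes[p]
        removed.append(p.name)
    return removed


if __name__ == "__main__":
    # Assumed usage: prune_eve.py <max_total_bytes> [log_dir]
    budget = int(sys.argv[1])
    log_dir = sys.argv[2] if len(sys.argv) > 2 else "/usr/local/var/log/suricata"
    for name in prune_eve_logs(log_dir, budget):
        print("removed", name)
```

Run it from a scheduler at the same cadence as the rotation interval; files that do not match the rotated name pattern, including a plain eve.json, are left alone.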