# managed by puppet
<%= @logs_dir %>/*.log {
    # Elasticsearch cannot be told to close its log file and re-open it so we need to
    # use the copytruncate option
    copytruncate
    compress
    delaycompress
    missingok
    notifempty
    # logrotate allows to use only year, month, day and unix epoch
    dateext
    dateformat -%Y%m%d-%s
    # number of rotated files to keep
    rotate 10
    # do not rotate files unless both size and time conditions are met
    hourly
    minsize 20M
    # force rotate if filesize exceeded 100M
    maxsize 100M
    # this must map the /var/log directory group ownership
    su root syslog
}