Description
The role does not manage logrotate for Elasticsearch log files. In production environments, Elasticsearch can generate significant log volume (especially with audit logging enabled), and without logrotate the /var/log/elasticsearch/ directory can fill up.
Suggested configuration
A reasonable default logrotate config:
/var/log/elasticsearch/*.log {
    daily
    rotate 32
    size 50M
    copytruncate
    compress
    delaycompress
    missingok
    notifempty
    maxage 370
    create 644 elasticsearch elasticsearch
}
Suggested approach
Add a template logrotate-elasticsearch.j2 with configurable variables for rotation count, max size, and max age. Deploy to /etc/logrotate.d/elasticsearch. Enable by default since it's a safe, non-disruptive addition.
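A sketch of the approach described in this issue, added here as an example and not taken from the role's code. The variable names (`es_logrotate_*`) and the `elasticsearch` host group are hypothetical, and the template body is inlined in the task so the playbook is self-contained; in the role it would live in logrotate-elasticsearch.j2 and be deployed with the template module.

```yaml
# Added example. Variable names and the host group are hypothetical.
- name: Manage logrotate for Elasticsearch log files
  hosts: elasticsearch
  become: true
  vars:
    es_logrotate_enabled: true   # enabled by default, as the issue proposes
    es_logrotate_rotate: 32      # rotation count
    es_logrotate_size: 50M       # max size before rotation
    es_logrotate_maxage: 370     # days after which rotated logs are removed
  tasks:
    - name: Deploy /etc/logrotate.d/elasticsearch
      when: es_logrotate_enabled | bool
      ansible.builtin.copy:
        dest: /etc/logrotate.d/elasticsearch
        owner: root
        group: root
        # logrotate skips config files that are group- or world-writable.
        mode: "0644"
        # Notes on the directives below (values are the ones from the issue):
        # - "size" listed after "daily" rotates on size, regardless of the
        #   time since the last rotation.
        # - with "copytruncate" the live file stays in place, so "create"
        #   has no effect; the log keeps the mode Elasticsearch gave it.
        content: |
          /var/log/elasticsearch/*.log {
              daily
              rotate {{ es_logrotate_rotate }}
              size {{ es_logrotate_size }}
              copytruncate
              compress
              delaycompress
              missingok
              notifempty
              maxage {{ es_logrotate_maxage }}
              create 644 elasticsearch elasticsearch
          }

    - name: Dry-run the deployed config (debug mode changes no logs or state)
      when: es_logrotate_enabled | bool
      ansible.builtin.command: logrotate --debug /etc/logrotate.d/elasticsearch
      changed_when: false
```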