Security director - set max logging history

‎08-16-2019 07:14 AM
Hi,

I have a separate logging node in my Security Director installation. How can I set the logging to a max history so it doesn’t fill up?

I just don’t want the logging node to fill up with space etc

Ideally I would set this to 6 months and everything else just gets deleted after this date?

Thanks

Re: Security director - set max logging history

‎08-16-2019 07:29 AM
By default it keeps 45 days of logs OR till 80% of disk space is available.

Regards,
Pravin

Re: Security director - set max logging history

‎08-16-2019 07:42 AM
That’s good - thanks

Is there a setting I can change to set this to 6 months instead?
Solution
Accepted by topic author oban3jimmy
‎08-16-2019 08:17 AM

Re: Security director - set max logging history

‎08-16-2019 07:58 AM
There is a file in the file system where you can change it; I do not have that handy now.

Check "crontab -l" in log collector then you will find a script and in that script, you will get that file where 45 days is mentioned.

Regards,
Pravin

Re: Security director - set max logging history

‎10-11-2019 12:36 AM

Just to give the exact location of the script:

This script will roll over the old logs and it is in a cron job: /opt/jIngest/watcher/elasticsearchDiskRollover.py

The number of days to keep the logs is configured in: /opt/jIngest/watcher/elasticDiskRollover.cfg

Daily old-log rollover logs can be seen in: /var/log/diskrollover.log

By default, 500GB gets assigned to the Log Collector node, so once it reaches 80%, i.e. 400G, the LC starts purging old logs.

400G is configured in the /opt/jIngest/watcher/elasticsearchDiskRollover.py script (the LC automatically calculates 80% of the total disk space assigned, so the user does not need to edit it).

-PL
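
The two purge conditions described in this thread (an age limit and the 80% disk threshold), as an added example that is not part of the original posts and is not Juniper's elasticsearchDiskRollover.py: a small model of how many days of logs actually survive for a given daily log volume. The function names, the one-index-per-day layout, the oldest-first purge order and the sample volumes are assumptions made for illustration.

```python
from datetime import date, timedelta

def rollover(indices, today, keep_days, disk_limit_gb):
    """Model of the two purge conditions (assumed behaviour, not the vendor script).

    indices: {day: size_gb}, one entry per daily log index.
    Returns (kept, purged_for_age, purged_for_disk).
    """
    cutoff = today - timedelta(days=keep_days)
    # Age condition: anything at or before the cutoff day is purged.
    purged_for_age = sorted(d for d in indices if d <= cutoff)
    kept = {d: s for d, s in indices.items() if d > cutoff}
    purged_for_disk = []
    # Disk condition: drop the oldest remaining day until usage is within the limit.
    while kept and sum(kept.values()) > disk_limit_gb:
        oldest = min(kept)
        purged_for_disk.append(oldest)
        del kept[oldest]
    return kept, purged_for_age, purged_for_disk

def effective_retention_days(daily_gb, keep_days, disk_total_gb=500, threshold=0.80):
    """Days of logs that survive one rollover run at a constant daily volume."""
    today = date(2019, 10, 11)  # constructed sample date
    # Constructed sample data: one year of daily indices of equal size.
    indices = {today - timedelta(days=i): daily_gb for i in range(365)}
    kept, _, _ = rollover(indices, today, keep_days, disk_total_gb * threshold)
    return len(kept)

if __name__ == "__main__":
    for daily_gb, keep_days in [(1, 45), (1, 180), (4, 180), (10, 45)]:
        days = effective_retention_days(daily_gb, keep_days)
        print(f"{daily_gb} GB/day, {keep_days}-day setting -> {days} days kept")
```

Under these assumptions, a 180-day setting on the default 500GB disk only yields 180 days of history while the daily volume stays low enough for 180 days of logs to fit under 400G; above that, the disk threshold decides how far back the logs go.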


Re: Security director - set max logging history

‎10-11-2019 11:30 PM
I recently had a problem where the logs filled up and didn’t rotate; it stopped Security Director's web page from loading properly.

I used this fix to resolve - https://kb.juniper.net/InfoCenter/index?page=content&id=KB33248&actp=METADATA