pfSense Log Level

Hi guys

My /var/log seems to be 100% full. I’ve gone to Status/System Logs/Settings.
I’ve reduced Log Retention count from 7 → 5.
How else can I reduce the log level… I actually don’t want to; I prefer the higher log level.
Any recommendations?
I’ve also reduced the level in pfBlockerNG and similar in Suricata.

For now I’ve done a reset of the log files, but it does not seem as if the /var/log utilization level dropped.

Hmmm… what’s going on here? Only my /var/log was running at a high %, suddenly.

… Suricata filled its directory up with 50GB of logs… filled the /var/log dir.
Rebooted, went in via console and cleaned the directory.
Hmm, Suricata and I are not becoming friends. I’d think it would monitor space available and protect itself. Filling a log directory and then everything else to the point that I’m logged out of the web console is not good.

My solution is to use an external log server.

That’s what I’m also leaning to… just scary, or is that sad, that Suricata, which seems to be the guilty party here, does not look better after the environment it lives in.
Setting up a 6 node RPi/K3S cluster which will have Elastic installed; will pipe the logs there via a syslogd server.

For now I want to re-enable Suricata to have it do the protection it needs to, but somehow need to cut down the logging level to the min. Figured I did before the wheels came off yesterday; retry time.