store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Fri Nov 22, 2019 10:41 am

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 5 posts ] 
Author Message
 Post subject: Cleanup of /var/asl/data/audit/
Unread postPosted: Sat Nov 16, 2013 4:44 pm 
Offline
Forum User
Forum User

Joined: Thu Feb 22, 2007 3:49 pm
Posts: 38
Location: Romania
Hi,

On a heavy server it is filling up too quickly /var/asl/data/audit/ and I can have gigabytes of data and I see it not take empty after a while so in days I get 20-30GB. How can I cleanup? Is there a command in mod_sec or ASL ?

_________________
Best regards,
Valics Lehel

Power Toys for PLESK
HOW TO: Setup a new box with PLESK
PLESK Crash Recovery Service


Top
 Profile  
Reply with quote  
 Post subject: Re: Cleanup of /var/asl/data/audit/
Unread postPosted: Sun Nov 17, 2013 5:30 pm 
Offline
Long Time Forum Regular
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 2321
Hmmm..although mine isn't big, the sheer number of files in there is causing a problem for me and I would certainly like to get control of this.

I thought this setting in /etc/asl/config might be related:

ASL_DB_RETENTION="5 days"

But it is not -- that's for the DB only from the looks of things (since I have 16 days worth in the audit directory, and given it has "DB" not "audit" in the variable name! ).

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>


Top
 Profile  
Reply with quote  
 Post subject: Re: Cleanup of /var/asl/data/audit/
Unread postPosted: Sun Nov 17, 2013 5:32 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 4087
Location: Chantilly, VA
This is the setting that controls how long the audit data is kept for WAF events:

https://www.atomicorp.com/wiki/index.ph ... LEAN_ALERT

_________________
Michael Shinn
Atomicorp - Security For Everyone


Top
 Profile  
Reply with quote  
 Post subject: Re: Cleanup of /var/asl/data/audit/
Unread postPosted: Mon Nov 18, 2013 2:38 pm 
Offline
Long Time Forum Regular
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 2321
ooh, a new one on me. Thanks.

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>


Top
 Profile  
Reply with quote  
 Post subject: Re: Cleanup of /var/asl/data/audit/
Unread postPosted: Mon Apr 24, 2017 1:46 pm 
Offline
New Forum User
New Forum User

Joined: Sun Apr 07, 2013 10:05 am
Posts: 3
Location: Sweden
I really wish they would store this data in a database ... the number of files is eating up our inodes...


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group