Replies: 2 comments 2 replies
-
Disk space is managed by retention settings and available space. You have 588GB which is probably not enough for your use case. You have to decide how long you need to keep those records and figure out how much space that takes. You may need multiple TB.
-
Sounds reasonable. Where are the retention settings configured? I notice that there are over 6 months' worth (> 25 million) of syslog docs, but the fortigate logs have gotten deleted overnight (and somewhat regularly for the past several months). All of the syslog entries are coming from the SO system itself and have not been deleted. How can I flip this and prioritize the fortigate logs and start rolling the syslog logs off after 90 days?
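An added capacity-planning example for the retention question above (not code from this discussion and not Security Onion's own tooling). It assumes the index-listing shape returned by Elasticsearch's `GET _cat/indices?format=json&bytes=b`, a `<prefix>-YYYY.MM.DD` daily index naming convention, and constructed index names and sizes; the `firewall`/`syslog` prefixes, the 365/90-day windows and the 588 GB capacity are illustrative inputs. It estimates bytes ingested per day per source, projects the disk a retention window needs, checks that against the volume, lists which daily indices an age-based delete phase would remove, and renders the ILM policy body that enforces the window.

```python
"""Retention capacity planning for an Elasticsearch-backed log store.

Added example (not Security Onion code). Input rows follow the shape of
`GET _cat/indices?format=json&bytes=b`; the sample below is constructed.
"""
import json
import re
from collections import defaultdict
from datetime import date

# Constructed sample: three daily indices per source plus one system index.
# Names and sizes are invented; the `<prefix>-YYYY.MM.DD` naming is an
# assumption (rollover-generation naming would need a different parser).
SAMPLE_CAT_INDICES = [
    {"index": "firewall-2024.05.01", "docs.count": "9100000", "store.size": "42949672960"},
    {"index": "firewall-2024.05.02", "docs.count": "8700000", "store.size": "40802189312"},
    {"index": "firewall-2024.05.03", "docs.count": "9600000", "store.size": "45097156608"},
    {"index": "syslog-2024.05.01", "docs.count": "140000", "store.size": "268435456"},
    {"index": "syslog-2024.05.02", "docs.count": "280000", "store.size": "536870912"},
    {"index": "syslog-2024.05.03", "docs.count": "420000", "store.size": "805306368"},
    {"index": ".kibana_1", "docs.count": "12", "store.size": "20480"},
]

DAILY_INDEX = re.compile(r"^(?P<prefix>.+)-(?P<y>\d{4})\.(?P<m>\d{2})\.(?P<d>\d{2})$")


def parse_index_name(name):
    """Return (prefix, date) for a daily index, or None for anything else."""
    m = DAILY_INDEX.match(name)
    if not m:
        return None
    return m["prefix"], date(int(m["y"]), int(m["m"]), int(m["d"]))


def daily_rate_bytes(cat_indices):
    """Average stored bytes per calendar day, keyed by index prefix."""
    size = defaultdict(int)
    days = defaultdict(set)
    for row in cat_indices:
        parsed = parse_index_name(row["index"])
        if parsed is None:
            continue  # skip system / non-daily indices
        prefix, day = parsed
        size[prefix] += int(row["store.size"])
        days[prefix].add(day)
    return {p: size[p] // len(days[p]) for p in size}


def project_storage(rates, retention_days):
    """Bytes each prefix needs for its window, and the grand total."""
    needed = {p: rates[p] * retention_days[p] for p in retention_days}
    return needed, sum(needed.values())


def capacity_fits(total_needed, capacity_bytes, usable_fraction=0.85):
    """True if the projection stays under the usable share of the disk.

    0.85 mirrors Elasticsearch's default low disk watermark; above it the
    node stops accepting new shards, so planning to 100% is not realistic.
    """
    return total_needed <= capacity_bytes * usable_fraction


def indices_past_retention(cat_indices, retention_days, today_iso):
    """Daily indices an age-based delete phase would remove as of today_iso.

    Age is taken from the date in the index name, an approximation of ILM's
    min_age (which counts from index creation or rollover).
    """
    today = date.fromisoformat(today_iso)
    doomed = []
    for row in cat_indices:
        parsed = parse_index_name(row["index"])
        if parsed is None or parsed[0] not in retention_days:
            continue
        prefix, day = parsed
        if (today - day).days >= retention_days[prefix]:
            doomed.append(row["index"])
    return doomed


def ilm_policy(retention_days):
    """ILM policy body whose delete phase fires once an index is that old."""
    return {"policy": {"phases": {"delete": {
        "min_age": f"{retention_days}d", "actions": {"delete": {}}}}}}


if __name__ == "__main__":
    rates = daily_rate_bytes(SAMPLE_CAT_INDICES)
    plan = {"firewall": 365, "syslog": 90}  # illustrative windows
    needed, total = project_storage(rates, plan)
    for prefix, n in needed.items():
        print(f"{prefix:>9}: {n / 1e12:.2f} TB for {plan[prefix]} days")
    capacity = 588 * 10**9  # the 588G volume from the discussion
    print(f"total {total / 1e12:.2f} TB, fits on 588G:",
          capacity_fits(total, capacity))
    print("would be deleted today:",
          indices_past_retention(SAMPLE_CAT_INDICES, {"syslog": 2}, "2024-05-03"))
    print(json.dumps(ilm_policy(plan["syslog"]), indent=2))
```

With the constructed sizes the firewall source alone projects to roughly 15.7 TB for a year, which is why a single 588G volume cannot hold it; the same functions can be fed real `_cat/indices` output to size a deployment before changing any delete phase.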
-
Version: 2.4.100
Installation Method: Security Onion ISO image
Description: other (please provide detail below)
Installation Type: Standalone
Location: cloud
Hardware Specs: Meets minimum requirements
CPU: 6
RAM: 16GB
Storage for /: 588G
Storage for /nsm: 588G (part of /)
Network Traffic Collection: other (please provide detail below)
Network Traffic Speeds: 1Gbps to 10Gbps
Status: Yes, all services on all nodes are running OK
Salt Status: No, there are no failures
Logs: Yes, there are additional clues in /opt/so/log/ (please provide detail below)
Detail:
I have firewall logs that I need to keep around and not have them be deleted, as these are critical for incident response and customer reporting. When checking the logs I see:
How can I prevent these fortigate logs from being deleted?