Symantec EDR drive space is filling up and auto purging does not seem to work.

EDR 4.6.5

In CLI confirm that drive is filling by using the "df -h" command

use "list -t" 

This will show you the top files.

How to use the delete command to remove /var/log files

Open up Symantec Endpoint Detection and Response CLI

Login as admin

Use: "delete </path/filename>"

Example:

delete /var/log/nginx/example.log

This can be used to help with EDR /var/log is filling up appliance drive space.

If you are unable to delete files please contact Broadcom technical support.