Audit log filling up diskspace


Article ID: 271494


Products

CA API Gateway

Issue/Introduction

We are noticing that the /var/log directory is filling up very fast on the appliance servers after the cluster is configured. The messages, syslog and user.log files are growing to extremely large sizes.

We noticed that file rotation is configured as weekly and the files keep growing until disk space is 100% used.

Question: How can we avoid this? Can we lower the logging level?

 

Environment

CA API Gateway 11.0

Cause

The default values of the new Debian-based OS in Gateway 11.0 generate more logging than the previous CentOS-based OS in Gateway 10.x.

The issue is fixed after 11.1.

See known issue: Debian-Based Virtual Appliance Gateway: Default Syslog Config Prone to Excessive Logging

https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-gateway/11-1/release-notes/known-issues.html#concept.dita_3288dfc184e6cf131e7db6b436b1af0bbd822000_gw11_known

Resolution

Modify rsyslog.conf and the logrotate configuration for rsyslog (/etc/logrotate.d/rsyslog).

Sample /etc/logrotate.d/rsyslog:

# cat /etc/logrotate.d/rsyslog
/var/log/syslog
/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
/var/log/messages
{
        rotate 4
        maxsize  32M
        minsize  16M
        hourly
        missingok
        notifempty
        compress
        delaycompress
        sharedscripts
        postrotate
                /usr/lib/rsyslog/rsyslog-rotate
        endscript
}

Modify the log level in rsyslog.conf; the modified rsyslog.conf is attached.
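
The logrotate sample above only caps file sizes if logrotate runs often enough: `hourly` and `maxsize` are evaluated only when logrotate is invoked, and logrotate is normally scheduled to run once a day. The shell check below is an added example, not part of the original article or of Broadcom's tooling; it lists the files named in a logrotate stanza that have already outgrown `maxsize`. The function names and the temp-directory sample input are constructed for illustration, and the parser assumes a single stanza with literal paths as in the sample.

```shell
#!/bin/sh
# Added example: report log files that have outgrown a logrotate "maxsize".

# to_bytes SIZE: convert a logrotate size (4096, 100k, 32M, 1G) to bytes.
to_bytes() {
    num=${1%[kMG]}
    case $1 in
        *k) echo $((num * 1024)) ;;
        *M) echo $((num * 1024 * 1024)) ;;
        *G) echo $((num * 1024 * 1024 * 1024)) ;;
        *)  echo "$num" ;;
    esac
}

# oversized_logs CONF: print every path listed before the first "{" in CONF
# whose current size exceeds that stanza's maxsize. Assumes one stanza and
# literal paths (no globs), as in the sample on this page.
oversized_logs() {
    max=$(awk '$1 == "maxsize" { print $2; exit }' "$1")
    [ -n "$max" ] || { echo "no maxsize in $1" >&2; return 2; }
    limit=$(to_bytes "$max")
    awk '/^\// { print $1 } index($0, "{") { exit }' "$1" |
    while read -r path; do
        [ -f "$path" ] || continue                 # mirrors missingok
        size=$(($(wc -c < "$path")))
        if [ "$size" -gt "$limit" ]; then echo "$path"; fi
    done
}

# demo: constructed input in a temp dir; maxsize is 1k to keep files small.
demo() {
    d=$(mktemp -d)
    printf '%s\n' "$d/syslog" "$d/user.log" "$d/messages" '{' \
        '        rotate 4' '        maxsize  1k' '        hourly' \
        '        missingok' '}' > "$d/rsyslog"
    head -c 4096 /dev/zero > "$d/syslog"           # over the limit
    head -c 100 /dev/zero > "$d/user.log"          # under the limit
    oversized_logs "$d/rsyslog" | sed "s|^$d/||"   # messages does not exist
    rm -rf "$d"
}

demo
```

On an appliance, running `oversized_logs /etc/logrotate.d/rsyslog` from an hourly job and alerting on any output shows when rotation is not keeping up with log volume.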

Attachments

1691692562075__rsyslog_conf_debian_log_level_change+_v2.txt