Print Page - Netflow - set db limit

Title: Netflow - set db limit
Post by: GreenMatter on November 28, 2020, 03:58:40 PM

Since upgrading to 20.7 netflow db keeps growing along with Sensei's (that's expected):

Quote
root@OPNsense:~ # du -a / | sort -nr | head
32074226   /
16779596   /usr
15886944   /usr/local
13409778   /var
12880916   /usr/local/datastore
12880912   /usr/local/datastore/elasticsearch
12880908   /usr/local/datastore/elasticsearch/nodes
12880904   /usr/local/datastore/elasticsearch/nodes/0
12880888   /usr/local/datastore/elasticsearch/nodes/0/indices
12555620   /var/netflow

Detailed look:

Quote
root@OPNsense:~ # ls -lh /var/netflow
total 12555968
-rw-r----- 1 root wheel 12M Nov 28 15:42 dst_port_000300.sqlite
-rw-r----- 1 root wheel 168M Nov 28 15:42 dst_port_003600.sqlite
-rw-r----- 1 root wheel 349M Nov 28 15:42 dst_port_086400.sqlite
-rw-r----- 1 root wheel 655M Nov 17 17:47 dst_port_086400.sqlite.clean.sql
-rw-r----- 1 root wheel 168M Nov 17 18:08 dst_port_086400.sqlite.fix
-rw-r----- 1 root wheel 13K Nov 17 18:06 dst_port_086400.sqlite.fix-journal
-rw-r----- 1 root wheel 655M Nov 17 17:47 dst_port_086400.sqlite.sql
-rw-r----- 1 root wheel 6.1M Nov 28 15:42 interface_000030.sqlite
-rw-r----- 1 root wheel 4.7M Nov 28 15:42 interface_000300.sqlite
-rw-r----- 1 root wheel 652K Nov 28 15:42 interface_003600.sqlite
-rw-r----- 1 root wheel 52K Nov 28 15:42 interface_086400.sqlite
-rw-r----- 1 root wheel 12K Nov 28 15:42 metadata.sqlite
-rw-r----- 1 root wheel 7.0M Nov 28 15:42 src_addr_000300.sqlite
-rw-r----- 1 root wheel 40M Nov 28 15:42 src_addr_003600.sqlite
-rw-r----- 1 root wheel 70M Nov 28 15:42 src_addr_086400.sqlite
-rw-r----- 1 root wheel 3.6G Nov 28 15:42 src_addr_details_086400.sqlite
-rw-r----- 1 root wheel 2.3G Nov 17 15:46 src_addr_details_086400.sqlite.clean.sql
-rw-r----- 1 root wheel 1.7G Nov 17 18:07 src_addr_details_086400.sqlite.fix
-rw-r----- 1 root wheel 13K Nov 17 18:06 src_addr_details_086400.sqlite.fix-journal
-rw-r----- 1 root wheel 2.3G Nov 17 15:45 src_addr_details_086400.sqlite.sql

And after resetting netflow data it's 4GB less:

Quote
root@OPNsense:~ # ls -lh /var/netflow
total 8054696
-rw-r----- 1 root wheel 0B Nov 28 15:45 dst_port_000300.sqlite
-rw-r----- 1 root wheel 0B Nov 28 15:45 dst_port_003600.sqlite
-rw-r----- 1 root wheel 0B Nov 28 15:45 dst_port_086400.sqlite
-rw-r----- 1 root wheel 655M Nov 17 17:47 dst_port_086400.sqlite.clean.sql
-rw-r----- 1 root wheel 168M Nov 17 18:08 dst_port_086400.sqlite.fix
-rw-r----- 1 root wheel 13K Nov 17 18:06 dst_port_086400.sqlite.fix-journal
-rw-r----- 1 root wheel 655M Nov 17 17:47 dst_port_086400.sqlite.sql
-rw-r----- 1 root wheel 0B Nov 28 15:45 interface_000030.sqlite
-rw-r----- 1 root wheel 0B Nov 28 15:45 interface_000300.sqlite
-rw-r----- 1 root wheel 0B Nov 28 15:45 interface_003600.sqlite
-rw-r----- 1 root wheel 0B Nov 28 15:45 interface_086400.sqlite
-rw-r----- 1 root wheel 8.0K Nov 28 15:45 metadata.sqlite
-rw-r----- 1 root wheel 0B Nov 28 15:45 src_addr_000300.sqlite
-rw-r----- 1 root wheel 0B Nov 28 15:45 src_addr_003600.sqlite
-rw-r----- 1 root wheel 0B Nov 28 15:45 src_addr_086400.sqlite
-rw-r----- 1 root wheel 0B Nov 28 15:45 src_addr_details_086400.sqlite
-rw-r----- 1 root wheel 2.3G Nov 17 15:46 src_addr_details_086400.sqlite.clean.sql
-rw-r----- 1 root wheel 1.7G Nov 17 18:07 src_addr_details_086400.sqlite.fix
-rw-r----- 1 root wheel 13K Nov 17 18:06 src_addr_details_086400.sqlite.fix-journal
-rw-r----- 1 root wheel 2.3G Nov 17 15:45 src_addr_details_086400.sqlite.sql

Is there any way to set permanent limit/number of days for Netflow db to collect data for?

OPNsense Forum

Archive => 20.7 Legacy Series => Topic started by: GreenMatter on November 28, 2020, 03:58:40 PM