Disk is filling up with netflow logs from local collector. Only want netflow for the past X days.
I've since turned off netflow to avoid disk full.
There is an old thread (20.7) about this with no response: https://forum.opnsense.org/index.php?topic=20262.msg93861
Is this possible in 23.7?
If not, this is my implementation idea I'd like feedback on:
Since the logs are stored in sqlite, use python3 to connect to sqlite db and delete rows older than X days.
This functionality can be added to flowd_aggregate and exposed on the Reporting > Settings page in the webUI and only apply to local collector.
..and where is the code for the local collector?
No, nothing to limit anything and with sqlite vacuum it's probably gonna kill your box with OOM before anything gets done.
I also would love to have a solution for this. I found out that my FW consumes a lot of power, even when there is no traffic, and after searching for a while, I came across netflow, which consumes 99.7% of a single core (Intel N100), with a SQL lite db of 6.1 GB size.
Turning off netflow resulted in a drastic reduction of the CPU power consumption, re-enabling in the observed behavior. After I manually resetted netflow data, enabling netflow didn't result in the cpu usage increase like before, so I am pretty sure the python process consumes a lot of power when writing to a big db (on a SSD, ZFS formatted, in case it is interesting).
So is there a function available to drop data after X days, reduce the db size and also cpu usage?