OPNsense Forum

English Forums => Hardware and Performance => Topic started by: Sahbi on February 14, 2019, 08:18:45 pm

Title: Required disk space for "all" services w/ minimal logging?
Post by: Sahbi on February 14, 2019, 08:18:45 pm
I installed OPNSense on a 16 GB mSATA SSD and mounted a USB pendrive to /var and /tmp to save write cycles, but the latter seems too slow to keep up (especially when using c-icap and clamav) and sometimes even causes processes to go into uninterruptible sleep state (D state in ps output) when they're attempting I/O. Now, the official guide recommends a 120 GB SSD when you want to enable most/all features, but I'm not at all interested in squid access logs and the like.

There's currently 2.3 GB in use on the SSD itself and around 650 MB on the USB. The only log file that gets changed a lot is suricata's due to having multiple servers/ports exposed to the internet, so there are many intrusion attempts. The only services I'm not using are any form of DNS (because I have a dedicated VM for it which hosts about 10 zones) and captive portal (due to this being a non-business setting).

My aim is to remove the USB drive from the equation and keep the SSD from filling more than halfway, but I don't know how log-hungry everything is over a longer period of time. Could I use the disk for a couple of years or would it be wiser to just get a larger one, and if so, what size would be best for this setup?
Title: Re: Required disk space for "all" services w/ minimal logging?
Post by: Sahbi on March 18, 2019, 06:59:58 pm
Lil' update for others who might also be looking for information on this. The USB turned out too unreliable so I decided to screw it and move it over to SSD. Also clog apparently produced a nice lil' coredump of 1 GB when it crashed due to mentioned I/O errors, so I actually only had 1.3 GB on SSD back in February. Let's say it was 2 GB since 1300 MB + 650 from USB ~= 2000.

I've been checking df -m at least once a day and disk usage is 2214 MB (17%) at the moment. So that's hardly 300 MB extra in one month. I'm also pretty sure most of the disk space is being used by TLS certs reissued via squid since I have a 128 MB cache for that (I have a lot of homebaked services running over HTTPS).

I have yet to turn on c-icap/clamav though, might do that somewhere later this week. =]
Title: Re: Required disk space for "all" services w/ minimal logging?
Post by: franco on March 19, 2019, 08:11:07 am
3-4 GB is enough to operate and upgrade to newer major releases.

Not sure about the clog issue: it sounds like a coupled power failure that would case damage to the actual log file it would write to.

Things in the default install that create a lot of data are Squid, Suricata and Netflow / Insight. Everything else should behave. :)


Cheers,
Franco
Title: Re: Required disk space for "all" services w/ minimal logging?
Post by: Sahbi on March 19, 2019, 06:20:42 pm
3-4 GB is enough to operate and upgrade to newer major releases.
Alright, good to know.

Not sure about the clog issue: it sounds like a coupled power failure that would case damage to the actual log file it would write to.
Nah it's because I was clog -f'ing a file on the USB when the latter decided to crap out on me. Not that important anyways. =]

Things in the default install that create a lot of data are Squid, Suricata and Netflow / Insight. Everything else should behave. :)
I have all of those enabled and it's still not bad at all. Also doesn't Netflow use at most 100 MB anyways?