Intrusion detection filter logs are filling disk.

Started by Martinezio, June 15, 2022, 05:00:50 PM

Hi.

How can I manage the filter logs from IDS (those written to the /var/log/filter directory)?
Is there any possibility to add some gzip or bzip2 function to log rotation? On my installation, every daily file is around 5GB in size and this quickly fills up the entire disk. I've now limited it to keep only 3 files, but it's not comfortable. Compressing those files would save a lot of space, as they are simple txt files...

Thanks a lot in advance for any hint :) I couldn't find any configuration for this :/

June 16, 2022, 11:21:14 AM #1 Last Edit: June 16, 2022, 11:23:37 AM by Vilhonator
To my knowledge you can't compress files from settings etc.

You can try a scheduled script for it (compress all uncompressed files in xxx folder every xxx hours).

What I know does work is that you can send the logs to external storage, or at least use Wireshark or a remote log server program and set the logs to be available to be fetched from a specific source through a specific UDP port.
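The scheduled-script approach suggested in the reply above, as an added example that is not part of the thread or of the firewall's own tooling: a POSIX sh function that gzips older files in the log directory while leaving the file still being written untouched. Assumptions: the daily files end in `.log`, anything modified within the last hour may still be in use, and `gzip` is installed; the cron schedule in the comment is illustrative.

```shell
#!/bin/sh
# Added example: compress older IDS filter logs in place.
# Assumptions (not from the thread): daily files end in ".log"; a file
# modified within MIN_AGE_MIN minutes may still be open for writing.
# Illustrative cron entry:  15 * * * * /root/compress_filter_logs.sh /var/log/filter

compress_old_logs() {
    dir=$1
    min_age_min=${2:-60}
    if [ ! -d "$dir" ]; then
        echo "compress_old_logs: no such directory: $dir" >&2
        return 2
    fi
    compressed=0
    for f in "$dir"/*.log; do
        # An unmatched glob stays literal; symlinks pointing at the
        # current log are skipped so the live file is never touched.
        if [ ! -f "$f" ] || [ -L "$f" ]; then
            continue
        fi
        # Skip recently written files: they may be the active log.
        if [ -z "$(find "$f" -prune -mmin "+$min_age_min")" ]; then
            continue
        fi
        # Never overwrite an archive left by an earlier run.
        if [ -e "$f.gz" ]; then
            continue
        fi
        # gzip removes the original only after writing the .gz successfully.
        if gzip -- "$f"; then
            compressed=$((compressed + 1))
        else
            echo "compress_old_logs: gzip failed for $f" >&2
        fi
    done
    # Report how many files were compressed in this run.
    echo "$compressed"
}

# Run only when a directory is given, e.g. from cron.
if [ "$#" -gt 0 ]; then
    compress_old_logs "$@"
fi
```

Compressed files are still searchable with `zgrep` or `gzip -dc`, and the existing "keep N files" retention setting may not count or delete the `.gz` files, so check disk usage after the first few runs.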