Remote Elasticsearch

Started by flyingbird76, July 08, 2024, 07:00:50 PM

I originally installed Zenarmor using SQLite, but I wanted more than 2 days of data retention. Although my firewall is powerful enough to install Elasticsearch (quad core, 8 GB RAM), I preferred to keep Elasticsearch separate from my firewall, so I purchased a mini server to act as my Elasticsearch server (I will use it for other data logging as well now that I have it).

The install of Zenarmor went well and everything is working well as far as I can see, but when I check the database in settings I get the following warning:

'We do not advise to set a data retention interval longer than 2 days for elasticsearchRemote backend'

It is currently set to 7 days.

Question: Why would using a much more powerful external Elasticsearch server for Zenarmor give a recommendation to only retain 2 days of logs, while with Elasticsearch installed on the vastly less powerful firewall it is happy with a 7-day retention period?

Hi,

Thanks for reporting. This is a known UI issue. You can dismiss it and set the retention period to more than 2 days.