Not enough space - evebox scirius no alert alerting


Scap

Jul 18, 2019, 9:23:45 AM
to SELKS
Hi,
I was running out of space on the LVM root.
So I tried to clean some files with
echo " " > Eve.json or stats etc....
But in the end I just increased the LVM by 10 GB.

I still have file extraction, Eve.json alert.
But even with a reboot I have no alerts on Scirius and EveBox.

Maybe because one process switched to read-only, or other things?

Any idea?

My selks-health just shows me that Moloch is in failed. But maybe it was before...

Peter Manev

Jul 18, 2019, 9:35:02 AM
to Scap, SELKS

On 18 Jul 2019, at 14:23, Scap <scar...@gmail.com> wrote:

> Hi,
> I was running out of space on the LVM root.
> So I tried to clean some files with
> echo " " > Eve.json or stats etc....
> But in the end I just increased the LVM by 10 GB.
>
> I still have file extraction, Eve.json alert.
> But even with a reboot I have no alerts on Scirius and EveBox.
>
> Maybe because one process switched to read-only, or other things?
>
> Any idea?

You should try to budget your VM disk-wise with respect to the traffic you inspect and the retention you need, I think.

Moloch/ES data can take a lot of space - if that is the issue there are cronjob scripts (/etc/cronjob) that may need to be adjusted. 
The script is cleaning up all data so feel free to poke around if needed :) 



> My selks-health just shows me that Moloch is in failed. But maybe it was before...


Alexander Nedelchev

Jul 18, 2019, 10:07:58 AM
to SELKS
One additional point too: when you clean JSON log files, first stop Suricata.

Scap

Jul 19, 2019, 4:09:04 AM
to SELKS
Hello,

I reset the log but I was facing a problem with Moloch logs. I have cleared the /data/moloch/logs files (13 GB) and it is now good :)

Thank you