Wazuh manager's system disk overload
15 views
Skip to first unread message
Emar Flix
4:40 AM (16 hours ago) 4:40 AM
to Wazuh | Mailing List
Hi,
In my wazuh there manager nodes there are two disk (data and system). I want all my logs storage on data disk but default this logs sotred in /var/ossec/logs. How can I change this directory to /data/wazuh_logs folder?. In Indexers I can storage all logs on /data/wazuh_logs folder for each indexer. But in managers I can't do this and in result system disk used space is 80%.
Also I want to say that all of my manager nodes are same
thank you.
In my wazuh there manager nodes there are two disk (data and system). I want all my logs storage on data disk but default this logs sotred in /var/ossec/logs. How can I change this directory to /data/wazuh_logs folder?. In Indexers I can storage all logs on /data/wazuh_logs folder for each indexer. But in managers I can't do this and in result system disk used space is 80%.
and also other problem on /var/ossec/queue/db there is too much think or is it normal?
Also I want to say that all of my manager nodes are same
thank you.
Marcel Kemp
6:33 AM (14 hours ago) 6:33 AM
to Wazuh | Mailing List
Hi Emar,
You could move the log storage using a bind mount. Here’s an example of how to do it:
Alternatively, you can also move logs that have already been rotated to another storage location, thereby reducing the overall size of the logs significantly:
According to ‘/var/ossec/queue/db’, it is normal for these files to take up a fair amount of space if you have many agents connected, as they store the indexes that are processed by the wazuh-indexer.
However, if you feel that you do not have too many agents connected and the files are taking up too much space, we could look into this in more detail.
Reply all
Reply to author
Forward
0 new messages