scripts for log cleanup


Gary Woodard

Apr 21, 2022, 10:31:42 AM
to Wazuh mailing list
Any scripts available for a cron job to clean up disk space as far as logs are concerned for Wazuh and Kibana? 

Ariel Ivan Ojeda

Apr 21, 2022, 2:35:43 PM
to Wazuh mailing list

Hi,

Thank you for posting in the Wazuh community!

For the Wazuh log files, you can use a Cron job on the Wazuh Manager machine; see an example below:

# crontab -e
0 0 * * * find /var/ossec/logs/alerts/ -type f -mtime +365 -exec rm -f {} \;
0 0 * * * find /var/ossec/logs/archives/ -type f -mtime +365 -exec rm -f {} \;

You need to specify the minute, hour, day of the month, month, or weekday for the schedule. In the example above, it will run every day at 00:00; it will find the alerts and archives files older than a year and delete them.

You can find more information about Cron jobs here:

Crontab Guru

Crontab Quick Reference

You can also define policies to have older indices deleted from the system. You can find information on how to do this here:

Wazuh Index Management

Have a great day!
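
A more defensive form of the cron cleanup from the reply above, as an added example that is not part of the original post or of Wazuh's own tooling: it only lists the files that would be removed unless `DRY_RUN=0` is set, and it prints every file it deletes so cron's output keeps a record. The script path in the comment, the `DRY_RUN` and `RETENTION_DAYS` variables and the function name `prune_logs` are assumptions of this example.

```sh
#!/bin/sh
# Added example (not Wazuh's own tooling). Assumed names: DRY_RUN, RETENTION_DAYS, prune_logs.
# Hypothetical crontab entry, once the dry-run output looks right:
#   0 0 * * * DRY_RUN=0 /usr/local/sbin/wazuh-log-prune.sh /var/ossec/logs/alerts /var/ossec/logs/archives

RETENTION_DAYS="${RETENTION_DAYS:-365}"   # same one-year window as the crontab above
DRY_RUN="${DRY_RUN:-1}"                   # 1 = only list candidates, 0 = delete them

# prune_logs DIR DAYS
# Prints every regular file under DIR whose mtime is more than DAYS days old and,
# when DRY_RUN=0, removes it. Returns 2 on bad arguments, 1 if DIR is missing.
prune_logs() {
    pl_dir=$1
    pl_days=$2
    case "$pl_days" in
        ''|*[!0-9]*) echo "prune_logs: retention must be whole days: '$pl_days'" >&2; return 2 ;;
    esac
    case "$pl_dir" in
        /)  echo "prune_logs: refusing to run on /" >&2; return 2 ;;
        /*) ;;   # absolute path: accepted
        *)  echo "prune_logs: need an absolute path: '$pl_dir'" >&2; return 2 ;;
    esac
    [ -d "$pl_dir" ] || { echo "prune_logs: no such directory: $pl_dir" >&2; return 1; }

    # -type f skips directories and symlinks; -xdev keeps find on one filesystem.
    if [ "$DRY_RUN" = 0 ]; then
        # -print before -exec records each removed file in cron's output.
        find "$pl_dir" -xdev -type f -mtime +"$pl_days" -print -exec rm -f {} +
    else
        find "$pl_dir" -xdev -type f -mtime +"$pl_days" -print
    fi
}

# Directories are passed as arguments; with no arguments the script does nothing.
status=0
for target in "$@"; do
    prune_logs "$target" "$RETENTION_DAYS" || status=1
done
[ "$status" -eq 0 ]   # exit status is non-zero if any directory failed
```

Run it once without `DRY_RUN=0` and compare the listed files with the retention period you are required to keep before scheduling it.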

Gary Woodard

Apr 21, 2022, 2:55:23 PM
to Wazuh mailing list
Thank you.

Gary Woodard

Apr 21, 2022, 6:06:56 PM
to Wazuh mailing list
I'm having trouble following the guide for the Kibana Index Lifecycle Management. The options I have are Index Management > Index Policies.

Ariel Ivan Ojeda

Apr 25, 2022, 8:54:38 AM
to Wazuh mailing list
Hi!

Please scroll down to the "OpenDistro ISM" section of the guide; there you will find the steps required for OpenDistro.

Best regards,

Ariel Ojeda
