Question regarding log management and best practices

NumberOne

Good afternoon,

I would like to clarify one point regarding log management in Energy Logserver.

Does the system include functionality to automatically delete or rotate self-monitoring logs, such as:

Logstash → /var/log/logstash/
Elasticsearch → /var/log/elasticsearch/
System logs → /var/log/messages/

Additionally, could you please advise on best practices when the disk usage reaches around 80%? For example, whether it is recommended to configure auto-rotation or manual clean-up.

Thank you in advance for your support.

SzymonC

Hi,

Because each environment, disk sizes and policies for customers are different, best and safest approach is to add task to system cron at /etc/crontab
Here are sets of rules, you can use:

0 6 * * * find /var/ossec/logs/ -name "*.gz" -o -name "*.log"  -type f -mtime +10 -exec rm -f {} \;
0 5 * * * find /var/log/elasticsearch -type f -mtime +5 | xargs rm
0 4 * * * find /var/log/logstash -type f -mtime +5 | xargs rm
0 4 * * * find /root/backup-Energy-Logserver-*.tar.gz -type f -mtime +30 | xargs rm

mtime parameter defines lifecycle of each files in days, so if -mtime +10 is set - then it will remove files older than 10 days.
Each task is executed daily with second digit pointing at hour, so 0 6 * * * * means each day at 6am and 0 4 * * * means each day at 4am

Hope it helps!