This article describes how logs are cleaned and how some parameters may be customized in Airlock Gateway.
How log cleanup works
Airlock Gateway stores its log files in Elasticsearch. A fresh index is created every day, storing all logs of the corresponding day. As soon as the usage in /var exceeds a specific trigger limit or when the log files exceed a certain age in days, the corresponding indices are deleted to a certain percentage of disk space to ensure enough capacity is available in /var.
Default settings | Description |
|---|---|
| If disk usage exceeds the configured percentage, a cleanup will be triggered. |
| Cleanup deletes the oldest indices until the disk usage is at the configured percentage. |
| Regardless of the trigger levels, all indices older than the configured number of days will be deleted. |
Custom configuration
The default settings suit most system configurations. However, for a high-traffic system with low disk drive capacity, there might not be enough space left to store full logs of the current day. Some companies also have a policy that restricts the storage of logs records to a shorter period.
- In both cases, you need to adjust the settings to the required values as follows:
- Create an
airlock-elasticsearch-space-nurse.cfgconfig file: - Add the default settings to the file:
- Adjust the settings to your needs.
- Restart the
airlock-elasticsearch-space-nurseservice.
copy
vi /opt/airlock/custom-settings/monitor/airlock-elasticsearch-space-nurse.cfg
copy
PERCENT_TO_TRIGGER=75 PERCENT_TO_KEEP=70 MAX_DAYS_TO_KEEP=365
copy
systemctl restart airlock-elasticsearch-space-nurse
Further information and links
- Internal links:
- Customizing events
- List of frequent events