This article describes how logs are cleaned and how some parameters may be customized in Airlock Gateway.
How log cleanup works
Airlock Gateway stores its log files in Elasticsearch. The time range covered by logs and reports depends on the available disk space and the traffic volume of the system. A fresh index is created every day, storing all logs of the corresponding day. As soon as the disk usage in /var exceeds a specific trigger limit, or when log files exceed a certain age in days, the corresponding indices are deleted down to a certain percentage of disk usage to ensure that enough capacity is available in /var.
| Default settings | Description |
|---|---|
| | If disk usage exceeds the configured percentage, a cleanup will be triggered. |
| | Cleanup deletes the oldest indices until the disk usage is at the configured percentage. |
| | Regardless of the trigger levels, all indices older than the configured number of days will be deleted. |
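To estimate how many days of logs survive under these three rules, the following added example (not Airlock code) models the cleanup in Python, including the high-traffic case where only the current day's index remains. All parameter names, sizes and limits are constructed assumptions rather than the product's settings or defaults, and the model assumes the current day's index is never deleted.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass
class Index:
    day: date        # one index per day, as described above
    size_gb: float

def plan_cleanup(indices, today, disk_gb, other_gb,
                 trigger_pct, target_pct, max_age_days):
    """Model the three cleanup rules; returns (deleted, kept, final_usage_pct).

    Parameter names are hypothetical, not the product's setting names.
    """
    ordered = sorted(indices, key=lambda i: i.day)
    cutoff = today - timedelta(days=max_age_days)
    # Age rule: applies regardless of disk usage.
    deleted = [i for i in ordered if i.day < cutoff]
    kept = [i for i in ordered if i.day >= cutoff]

    def usage_pct():
        return 100.0 * (other_gb + sum(i.size_gb for i in kept)) / disk_gb

    # Trigger rule: cleanup starts only above the trigger level...
    if usage_pct() > trigger_pct:
        # ...and then removes the oldest indices down to the target level.
        # Assumption of this model: the current day's index is never removed.
        while len(kept) > 1 and usage_pct() > target_pct:
            deleted.append(kept.pop(0))
    return deleted, kept, usage_pct()

def daily(today, days, size_gb):
    """Constructed sample data: `days` equally sized indices ending today."""
    return [Index(today - timedelta(days=n), size_gb) for n in range(days)]

TODAY = date(2024, 3, 1)  # constructed date
LIMITS = dict(today=TODAY, disk_gb=100, other_gb=10,
              trigger_pct=80, target_pct=70, max_age_days=30)  # constructed values

if __name__ == "__main__":
    oversized = [Index(TODAY, 65.0), Index(TODAY - timedelta(days=1), 20.0)]
    for label, idx in [("normal", daily(TODAY, 40, 1.5)),
                       ("high traffic", daily(TODAY, 40, 4.0)),
                       ("one oversized day", oversized)]:
        deleted, kept, pct = plan_cleanup(idx, **LIMITS)
        print(f"{label}: deleted={len(deleted)} days_kept={len(kept)} usage={pct}%")
```

A `days_kept` value below the retention period your investigations or policy require means the limits or the disk size need adjusting before that history is lost.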
Custom configuration
The default settings suit most system configurations. However, on a high-traffic system with low disk capacity, there might not be enough space left to store the full logs of the current day. Some companies also have a policy that restricts the storage of log records to a shorter period.
In both cases, you need to adjust the settings to the required values as follows:
- Create an airlock-elasticsearch-space-nurse.cfg config file:
- Add the default settings to the file:
- Adjust the settings to your needs.
- Restart the airlock-elasticsearch-space-nurse service.
Further information and links
- Internal links:
- Customizing events
- List of frequent events