The following settings would be recommended as a starting point for conserving space and resources on the disk, and will cover the database, OSSEC diff files, and ModSecurity alert logs:
DB_USE_ARCHIVE="no"
RETENTION_USE_CONSOLIDATED="yes"
RETENTION_CONSOLIDATED="1 month"
After changing these in the ASL Configuration, you may execute them immediately by running:
/etc/cron.daily/asl
The default retention time is 3 months, but if that doesn't get the space usage down enough for your needs, you may reduce this to "1 month" or something even smaller, like some number of weeks or days.
Comments
0 comments
Please sign in to leave a comment.