LinuxQuestions.org


Jafbot 02-21-2024 01:41 PM

Need help in categorizing the linux logs for pruning.
 
Hi Team,

Thanks in advance for any help.

Actually, I need to prune Linux logs, as I'm getting a bulk of data on my SIEM C360, which is developed on the Logstash ELK Stack. I'm not able to categorize which types of Linux logs can be pruned because they are not adding any security value in monitoring.

Feel free to communicate further with any questions so we may be able to conclude it collaboratively.

Regards,

frankbell 02-21-2024 08:19 PM

Does your distro use SystemD? If so, this article should help.

If you have logs in the traditional location of /var/log, this article may prove useful.

You might also check whether you have logrotate installed.

The reason I ask is that logrotate periodically compresses older log data into compressed files, making it easier to cull outdated data.

Welcome to LQ.

pan64 02-22-2024 02:43 AM

Yes, in general you can use logrotate to limit the size of the log files. But only you know what is important for you and what you want to keep longer.

