5.1. Log Rotation and Retention¶
ASGARD is rotating logs automatically at a set time interval. It is important to keep in mind how long logs will be stored on the system before they get purged. All logs will be rotated and zipped into one file monthly, for up to 14 months.
To get a better understanding of how the log rotation is handled,
you can inspect
5.1.1. Syslog Logs¶
ASGARD will store all logs under
This does not include the Scan Logs, as those are handled separately.
If you require a longer retention period, please copy the oldest log packages to another directory or to a dedicated log server. Do not modify the built-in rotation settings as this might interfere with ASGARD updates!
|ASGARD Management Center||asgard.log|
|Agent Agent and Service Controller||agent.log|
|THOR via Syslog||scan.log|
|THOR via Syslog (Scan Start, Licensing, Completion only)||subscan.log|
If you want to forward those logs automatically to a dedicated server, you can set up Rsyslog Forwarding. Forwarded logs will still reside on ASGARD.
5.2. Regain Disk Space¶
If your disk usage is growing too fast and free disk space is running out, you have several options:
- Increase the size of your disk
- Delete files that are not needed for operation (i.e. safe to delete)
- Delete files that are used by MC but might be unneeded / dated
5.2.1. Safe-to-Delete Files¶
The following files are safe to delete. They are not needed for ASGARD to operate.
They are only kept on the system if needed for further processing. E.g. saving/sending the log files to another system. If you do not need or plan to use those, they can be deleted. If you are unsure make a copy to another system before deleting them.
/var/lib/nextron/asgard2/downloads/*(except current day)
The files in this folder are only generated for temporary downloading
files from the UI and are not needed after the download has finished.
The directory has a sub structure of
year/month/day. It is save to
delete any files older than the current day.
5.2.2. Potentially Unneeded / Dated Files¶
- Bifrost quarantined files
If you use Bifrost, the collected files are not deleted by default.
If dated files are no longer needed, you can define a retention
The listed files are the results of THOR scans (scan-results), Tasks except Scans (generic-results) and the sessions of remote consoles (remote-console). They are not needed for ASGARD to function, but the data is viewed and available for download in ASGARD. This means deleting these files will not break ASGARD, but you lose the information provided by the files. If you need the disk space and cannot increase the disk, we suggest to delete these files older than a given date, that you no longer need. This can be done with a find-remove combination using the command line:
root@asgard:~# find /var/lib/nextron/asgard2/<directory> -mtime +<days> -print0 | xargs -0 -r rm
<directory> is one of
<days> the number of days you want to keep. Files and folders older than
<days> days will be deleted.