LOGSTASH - Log consuming 100% of disk space

[ssoliveira]

Hello,

Recently a user installed nxlog on a server, and configured the service to send the IIS logs to the Nagios Log Server.

However, the user misconfigured nxlog.conf, which generated many parse errors in logstash, consuming 100% of space in /var (/var/log/logstash/)

• 1) How can I configure logstash, to leave a maximum of 2 days of logs?

• 2) I would also like a procedure for complete deactivation of the log, if necessary in some emergency.

[kyang]

You can specify the days of logs using the Maintenance Settings located in --> NLS Home --> Admin --> Snapshots & Maintenance

Delete indexes older than x

Here's our guide also.

https://assets.nagios.com/downloads/nag ... enance.pdf

2) I would also like a procedure for complete deactivation of the log, if necessary in some emergency.

As for this, a complete deactivation would be to delete the IIS log Nxlog Input from the nxlog.conffile.
Then restart the nxlog service.

[ssoliveira]

Hello,

The problem is not in nxlog.

On the rotation of logs, I've already found how to modify by changing the file /etc/logrotate.d/nagioslogserver

But, I want to disable the logs gerenated by logstash in the directory /var/log/logstash.

How can I configure logstash, so it does not generate any log.

[kyang]

In the /etc/init.d/logstash (daemon).

I commented out this line. (Put a # in front of it)

Code: Select all

LS_LOG_FILE=/var/log/logstash/$NAME.log

Then restart logstash

Code: Select all

service logstash restart

Now in /var/log/logstash/logstash.log

This is the last log I am seeing.

Code: Select all

{:timestamp=>"2018-01-05T09:55:14.167000-0600", :message=>"stopping pipeline", :id=>"main"}

Of course, in the interface, I am still receiving logs.

Code: Select all

Jan  5 10:59:03

I hope this helps! Let us know if you have any more questions.