000026846 - How to adjust Jetty 9 log retention on an RSA Security Analytics server appliance

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000026846

Applies To:
RSA Security Analytics
RSA Security Analytics 10.3
RSA Security Analytics Server
RSA Security Analytics Broker
Jetty 9

Issue:
How to adjust Jetty 9 log retention on an RSA Security Analytics server appliance.
How do I change how Jetty logs are retained on my SA server?

Resolution:

Depending on environment-specific conditions, Jetty logs may grow until they fill the root partition.  The following steps detail how to reduce the retention period of Jetty logs.  By default, log retention is set to 90 days.  However, it is recommended that retention be reduced to a maximum of 30 days.


  1. Connect to the Security Analytics server appliance as the root user.
  2. Stop the Reporting Engine and Jetty services with the following commands:
         stop rsasoc_re
         stop jettysrv

    Note:  These commands will temporarily make the Reporting Engine and the Security Analytics UI inaccessible, so plan accordingly.
  3. Back up the /opt/rsa/jetty9/etc/jetty-logging.xml file with the following command:  cp /opt/rsa/jetty9/etc/jetty-logging.xml /opt/rsa/jetty9/etc/jetty-logging.xml.bak
  4. Modify the /opt/rsa/jetty9/etc/jetty-logging.xml file using an editor such as vi.  (e.g.  vi /opt/rsa/jetty9/etc/jetty-logging.xml)
  5. Within jetty-logging.xml you will find a section like the following:

    <New id="ServerLog" class="java.io.PrintStream">
      <Arg>
        <New class="org.eclipse.jetty.util.RolloverFileOutputStream">
          <Arg><Property name="jetty.logs" default="./logs"/>/yyyy_mm_dd.stderrout.log</Arg>
          <Arg type="boolean">false</Arg>
          <Arg type="int">90</Arg>
          <Arg><Call class="java.util.TimeZone" name="getTimeZone"><Arg>GMT</Arg></Call></Arg>
          <Get id="ServerLogName" name="datedFilename"/>
        </New>
      </Arg>
    </New>



    Near the middle of that section you will notice the following tag:  <Arg type="int">90</Arg>
    In this tag, the 90 is the number of days of logs that are retained.

    It is recommended that this value be changed to 30 days or less, depending on the environment.



  6. Save the changes and exit the file.



  7. Start the Reporting Engine and Jetty services with the following commands:
         start rsasoc_re
         start jettysrv
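
The edit in steps 3 to 5 can also be scripted. The following is an added example, not part of the original RSA article: the function name `set_jetty_retention` and the 1-30 day bound (taken from the recommendation above) are assumptions, and the demo runs on a constructed copy of the snippet rather than the live file. Stopping and starting the services (steps 2 and 7) is left to the operator.

```sh
#!/bin/sh
# Added example (not RSA's code): apply steps 3-5 of the article to a
# jetty-logging.xml file. Function name and the 1-30 bound are assumptions.

set_jetty_retention() {
    file=$1 days=$2
    block='/RolloverFileOutputStream/,/<\/New>/'   # element that holds the value
    arg='<Arg type="int">[0-9][0-9]*</Arg>'        # its retention argument

    # Accept only 1-30 with no leading zero, sign or other characters.
    case $days in
        ''|0*|???*|*[!0-9]*) echo "retention must be 1-30 days" >&2; return 2 ;;
    esac
    [ "$days" -le 30 ] || { echo "retention must be 1-30 days" >&2; return 2; }
    [ -f "$file" ] || { echo "not found: $file" >&2; return 1; }

    # Refuse to edit unless exactly one matching line sits inside the element.
    count=$(sed -n "$block p" "$file" | grep -c "$arg" || true)
    [ "$count" -eq 1 ] || { echo "expected 1 retention Arg, found $count" >&2; return 3; }

    # Step 3: keep the first backup rather than overwriting it on a re-run.
    [ -e "$file.bak" ] || cp -p "$file" "$file.bak" || return 1

    # Steps 4-5: rewrite only that argument; cat keeps the file's owner and mode.
    tmp=$(mktemp) || return 1
    sed "$block s|$arg|<Arg type=\"int\">$days</Arg>|" "$file" > "$tmp" \
        && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Demo on a constructed copy of the article's snippet, never the live file.
demo=$(mktemp -d)
cat > "$demo/jetty-logging.xml" <<'EOF'
<New id="ServerLog" class="java.io.PrintStream">
 <Arg>
  <New class="org.eclipse.jetty.util.RolloverFileOutputStream">
   <Arg><Property name="jetty.logs" default="./logs"/>/yyyy_mm_dd.stderrout.log</Arg>
   <Arg type="boolean">false</Arg>
   <Arg type="int">90</Arg>
  </New>
 </Arg>
</New>
EOF
set_jetty_retention "$demo/jetty-logging.xml" 30 && grep 'type="int"' "$demo/jetty-logging.xml"
```

The function returns 2 for a value outside 1-30 and 3 when the file does not contain exactly one retention argument inside the `RolloverFileOutputStream` element, leaving the file untouched in both cases.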


 


If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.

Legacy Article ID: a66502
