Depending on the environment, Jetty logs can grow until they fill the root partition. The following steps describe how to reduce the retention period of Jetty logs. By default, log retention is set to 90 days; it is recommended that retention be reduced to a maximum of 30 days.
- Connect to the Security Analytics server appliance as the root user.
- Stop the Reporting Engine and Jetty services with the following commands:
Note: These commands will temporarily make the Reporting Engine and the Security Analytics UI inaccessible, so plan accordingly.
- Back up the /opt/rsa/jetty9/etc/jetty-logging.xml file with the following command: cp /opt/rsa/jetty9/etc/jetty-logging.xml /opt/rsa/jetty9/etc/jetty-logging.xml.bak
- Modify the /opt/rsa/jetty9/etc/jetty-logging.xml file using an editor such as vi (e.g. vi /opt/rsa/jetty9/etc/jetty-logging.xml).
- Within the jetty-logging.xml you'll find a section like the following:
<New id="ServerLog" class="java.io.PrintStream">
<Arg><Property name="jetty.logs" default="./logs"/>/yyyy_mm_dd.stderrout.log</Arg>
<Arg><Call class="java.util.TimeZone" name="getTimeZone"><Arg>GMT</Arg></Call></Arg>
<Get id="ServerLogName" name="datedFilename"/>
Near the middle of that section you will notice the following tag: <Arg type="int">90</Arg>
In this tag, the 90 is the number of days of logs that are retained.
It is recommended that this value be changed to 30 days or less, depending on the environment.
- Save the changes and exit the file.
- Start the Reporting Engine and Jetty services with the following commands:
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.
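
The backup and edit steps above can also be scripted, which avoids hand-editing mistakes when several appliances need the same change. The following is an added example, not part of the original article or an RSA-supplied tool: the function names and the sample file are constructed for illustration, and stopping and starting the services is not included.

```shell
#!/bin/sh
# Added example: change the retention tag inside the ServerLog section only.
SECTION='/<New id="ServerLog"/,/id="ServerLogName"/'
TAG='<Arg type="int">[0-9][0-9]*</Arg>'

# Print the retention (days) currently set in the ServerLog section.
get_jetty_retention() {
    sed -n "$SECTION"' s|.*<Arg type="int">\([0-9][0-9]*\)</Arg>.*|\1|p' "$1"
}

# set_jetty_retention FILE DAYS: back up FILE to FILE.bak, then set DAYS (1-30).
set_jetty_retention() {
    file=$1; days=$2
    case $days in ''|*[!0-9]*) echo "days must be a whole number" >&2; return 2 ;; esac
    if [ "$days" -lt 1 ] || [ "$days" -gt 30 ]; then
        echo "days must be between 1 and 30" >&2; return 2
    fi
    [ -f "$file" ] || { echo "not found: $file" >&2; return 1; }
    # Refuse to edit unless exactly one retention tag is in the section.
    count=$(sed -n "${SECTION}p" "$file" | grep -c "$TAG" || true)
    [ "$count" -eq 1 ] || { echo "expected 1 retention tag, found $count" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1      # same backup name as the article
    tmp=$(mktemp) || return 1
    if sed "$SECTION"' s|'"$TAG"'|<Arg type="int">'"$days"'</Arg>|' "$file" > "$tmp"; then
        cat "$tmp" > "$file"                   # keeps the file's owner and mode
    fi
    rm -f "$tmp"
    [ "$(get_jetty_retention "$file")" = "$days" ]   # verify the edit took effect
}

# Constructed sample modelled on the excerpt above; the last line is an
# unrelated int argument that must not be touched.
write_sample() {
    cat > "$1" <<'EOF'
<New id="ServerLog" class="java.io.PrintStream">
<Arg><Property name="jetty.logs" default="./logs"/>/yyyy_mm_dd.stderrout.log</Arg>
<Arg type="int">90</Arg>
<Arg><Call class="java.util.TimeZone" name="getTimeZone"><Arg>GMT</Arg></Call></Arg>
<Get id="ServerLogName" name="datedFilename"/>
</New>
<Arg type="int">7</Arg>
EOF
}

# Demo on the constructed sample, not on the appliance file.
d=$(mktemp -d) && write_sample "$d/jetty-logging.xml"
set_jetty_retention "$d/jetty-logging.xml" 30 &&
    echo "retention: $(get_jetty_retention "$d/jetty-logging.xml") days"
rm -rf "$d"
```

On an appliance the call would be set_jetty_retention /opt/rsa/jetty9/etc/jetty-logging.xml 30, run while the services are stopped as described in the steps above.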