000033378 - RSA Authentication Manager 8.x requires more disk space

Document created by RSA Customer Support Employee on Jan 11, 2017Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000033378
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1, 8.2
IssueAn administrator has noticed that the disk space on the RSA Authentication Manager 8.x primary is getting low.
ResolutionWhere an Authentication Manager primary instance has been running for a period of time, it is possible that there is a large number of log archival data and/or backup files on the local drive that is consuming disk space. An administrator can logon to the command line with the rsaadmin account and start investigating what is taking up the disk space and perform house keeping tasks.
Below are categories that are likely to consume disk space.

Log Archival Data

An RSA Authentication Manager 8.1 primary instance will archive runtime (i. e., authentication), administrative and system activity to /opt/rsa/am/Log_archive.  This is configurable from the Security Console by navigating to Administration > Archive Audit Logs > Schedule Log Archival.
NOTE: Information on log settings and log archives can be found in Chapter 14 (starting from page 346) of the RSA Authentication Manager 8.1 Administrator’s Guide.
Where Operating System Access (SSH) is enabled, a secure FTP client could be used to copy this archive data and signature files off the authentication manager instance, reducing disk space.


Authentication Manager Backups

An administrator can configure the Operations Console (Maintenance > Backup and Restore > Schedule Backups) to store the backup files locally in /opt/rsa/am/backups. Where the backups are stored locally in the Authentication Manager, it is advised that a maximum number of archived backups is four.  This is the default value.
Where Operating System Access (SSH) is enabled, a secure FTP client could be used to copy these backup files from the Authentication Manager instance, reducing disk space.
IMPORTANT: Revise the backup configuration or store the backups in a different location other than the local drive of the Authentication Manager primary instance.



RSA RADIUS creates a new log file at the beginning of each new day where the log filename is based on that day's date.  For example, a log written on 15 June 2016 would be named 20160615.log.


Authentication Manager Log Data

The Authentication Manager instance has a number of running software components and the log files for these components are stored in /opt/rsa/am/server/logs.


Cleaning Up Authentication Manager Log Data

This task generates a new set of log files for the Authentication Manager instance and may require change control
The following steps can be used to stop Authentication Manager services, package up the log files in /opt/rsa/am/server/logs into an archive file, remove the log files and start up authentication manager services where new log files are created.

  1. Stop the RSA Authentication Manager services with the command:
/opt/rsa/am/server/rsaserv stop all

  1. Tar up the /opt/rsa/am/server/logs folder with the command 
tar -czvf /tmp/RSA-Logfiles.tgz /opt/rsa/am/server/logs

  1. Check the tgz file contains the log files with the command 
tar -tzvf /tmp/RSA-Logfiles.tgz

  1. Where Operating System Access (SSH) has been enabled in the Operations Console use a secure FTP client to copy /tmp/RSA-Logfiles.tgz to a secure location.
  2. Remove the log files from /opt/rsa/am/server/logs with the command 
rm -rf /opt/rsa/am/server/logs/*log*

  1. Start up the RSA Authentication Manager services with the command 
/opt/rsa/am/server/rsaserv start all

Finding Large Files

Running the following command as rsaadmin will find log files that are larger than 2MB:
sudo find /opt/rsa/am/ -size +2M -name *.log -type f –print | more

When prompted for a password enter the password for the rsaadmin account.