Log Rotation Policy for the Appliance Logs

Document created by RSA Information Design and Development on Jun 13, 2017. Last modified by RSA Information Design and Development on Jun 13, 2017.
Version 2

The appliance log files contain operating system messages. To simplify log data management, the appliance uses a log rotation policy that creates multiple files for each appliance log. You can define this policy.

The appliance creates one initial file for each appliance log. After this file reaches its specified size or time limit (daily, weekly, or monthly), the appliance adds the date to the filename, and then starts a new file for new log messages. For example, the syslog file is initially named messages and becomes messages-20120630 when it is rotated on June 30, 2012. After the rotation, the system creates a new file named messages for the most recent log messages.

You can compress log files to reduce the amount of storage space they require. For example, if you choose to compress rotated log files with bzip2, the rotated file from the previous example would be named messages-20120630.bz2.

Shredding overwrites deleted appliance log files to help prevent the recovery of confidential information. For example, you can specify that the system overwrite deleted files seven times. Higher numbers are more secure, but lower numbers require fewer system resources.

After the appliance creates the maximum number of log files, it deletes the oldest rotated log files before rotating the current file. For example, if the maximum number of files is five, and five rotated messages files have been created, the appliance deletes the oldest file and then rotates the current messages file.
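
For readers who manage similar logs on a general Linux host, the policy described above can be written as a logrotate stanza. This is an added example, not RSA's configuration: it assumes a logrotate-style tool, a log at /var/log/messages, and bzip2 installed under /usr/bin.

```conf
# Added illustration of the rotation policy described above.
# Assumptions: logrotate is the rotation tool, the syslog file is
# /var/log/messages, and bzip2/bunzip2 live in /usr/bin.
/var/log/messages {
    # Time limit: one of daily, weekly, or monthly.
    weekly

    # Append the rotation date to the filename (messages-20120630).
    dateext

    # Maximum number of rotated files to keep; older ones are deleted.
    rotate 5

    # Compress rotated files with bzip2 (messages-20120630.bz2).
    compress
    compresscmd /usr/bin/bzip2
    uncompresscmd /usr/bin/bunzip2
    compressext .bz2

    # Overwrite deleted files instead of only unlinking them,
    # using seven overwrite passes.
    shred
    shredcycles 7
}
```

To rotate on size instead of time, replace the weekly line with a size directive such as size 10M (a constructed value).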