rsasony (Customer) asked a question.
after onboarding to splunk still logs are storing on local server
Related Questions
Nothing found
Loading
Trending Articles
Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide How to Download OTP Token Seed Files from myRSA RSA Authentication Manager 8.9 Release Notes (January 2026)
Don't see what you're looking for?
This is normal. If the network was down the logs would be lost. We always log locally, you just have the option to copy them elsewhere.
but the logs are consuming too much of space on RSA server , which leads to having low disk space after 2 month , and can cause for stopping the services of RSA server .
is there any option to stored all the logs over splunk instead of RSA server
No, but there are some things you can do to reduce the local logs. First, make sure the trace log is set to Fatal. Verbose is only for troubleshooting, you will flood the system with logs if you leave it at Verbose or Info. Second, you can reduce the retention by going to Administration > Archive Audit Logs > Schedule Log Archival. Set it to purge logs, reduce the number of additional days, and change the directory to a WIndows or NFS share.