An administrator has noticed that the disk space on the RSA Authentication Manager 8.x primary is getting low.
Where an Authentication Manager primary instance has been running for a period of time, it is possible that there is a large number of log archival data and/or backup files on the local drive that is consuming disk space. An administrator can logon to the command line with the rsaadmin account and start investigating what is taking up the disk space and perform house keeping tasks.
Below are categories that are likely to consume disk space.
Log Archival Data
An RSA Authentication Manager 8.1 primary instance will archive runtime (i. e., authentication), administrative and system activity to /opt/rsa/am/Log_archive. This is configurable from the Security Console by navigating to Administration > Archive Audit Logs > Schedule Log Archival.
Where Operating System Access (SSH) is enabled, a secure FTP client could be used to copy this archive data and signature files off the authentication manager instance, reducing disk space.
Authentication Manager Backups
An administrator can configure the Operations Console (Maintenance > Backup and Restore > Schedule Backups) to store the backup files locally in /opt/rsa/am/backups. Where the backups are stored locally in the Authentication Manager, it is advised that a maximum number of archived backups is four. This is the default value.
Where Operating System Access (SSH) is enabled, a secure FTP client could be used to copy these backup files from the Authentication Manager instance, reducing disk space.
IMPORTANT: Revise the backup configuration or store the backups in a different location other than the local drive of the Authentication Manager primary instance.
RADIUS Log Data
RSA RADIUS creates a new log file at the beginning of each new day where the log filename is based on that day's date. For example, a log written on 15 June 2016 would be named 20160615.log.
Authentication Manager Log Data
The Authentication Manager instance has a number of running software components and the log files for these components are stored in /opt/rsa/am/server/logs.
Cleaning Up Authentication Manager Log Data
This task generates a new set of log files for the Authentication Manager instance and may require change control
The following steps can be used to stop Authentication Manager services, package up the log files in /opt/rsa/am/server/logs into an archive file, remove the log files and start up authentication manager services where new log files are created.
Stop the RSA Authentication Manager services with the command:
/opt/rsa/am/server/rsaserv stop all
Tar up the /opt/rsa/am/server/logs folder with the command
tar -czvf /tmp/RSA-Logfiles.tgz /opt/rsa/am/server/logs
Check the tgz file contains the log files with the command
tar -tzvf /tmp/RSA-Logfiles.tgz
Where Operating System Access (SSH) has been enabled in the Operations Console use a secure FTP client to copy /tmp/RSA-Logfiles.tgz to a secure location.
Remove the log files from /opt/rsa/am/server/logs with the command
rm -rf /opt/rsa/am/server/logs/*log*
Start up the RSA Authentication Manager services with the command
/opt/rsa/am/server/rsaserv start all
Finding Large Files
Running the following command as rsaadmin will find log files that are larger than 2MB:
sudo find /opt/rsa/am/ -size +2M -name *.log -type f –print | more
When prompted for a password enter the password for the rsaadmin account.