Configuring system event storage

By default, system events are saved in the /var partition of the SSD drive of the Kaspersky NGFW device. If logging of system events in the error diagnostics log is enabled, you can configure the storage of system event logs in RAM and specify the amount of memory to be allocated for storing system events. When the allocated amount of memory fills up, the system event logs begin to be deleted, starting with the oldest. You can choose to store system event logs in RAM to improve performance when using the Debug logging level.

To configure the storage of system events in RAM:

  1. In the main menu of the Open Single Management Platform Console, go to the Application & Services → NGFW section.

    This opens the Policy tab.

  2. In the System section, select System events.
  3. On the Log filters & storage tab, under Storage settings, in the Log storage field, select RAM.

    When you enable the storage of logs in RAM, monitor memory usage, because memory filling up may degrade system performance.

  4. In the Max RAM usage (%) field, specify the maximum amount of RAM (in percent) that can be occupied by system event log files. Possible values are from 1 to 10%. The default setting is 1%. This field becomes available only when log storage is enabled.
  5. Apply the OSMP policy changes by clicking the Commit and push button.

System event logs are stored in RAM.

When system event logs are stored in RAM, the logs do not persist across Kaspersky NGFW device restarts.
