Rotating event log records and dumps

To prevent the generated system event logs and dump files from filling up the hard disk, the log and dump files are automatically rotated when the maximum allowed file size is reached or when the maximum storage duration expires. As soon as the total size of the files exceeds the configured limit, the oldest files are automatically deleted.

The following types of system events are stored on the /var partition of a Kaspersky NGFW device:

Rotation works differently for different types of files:

A certain disk space quota is allocated for each file type (see the table below).

Maximum allowed file size

| File type | Maximum percentage of occupied space |
|---|---|
| Network dump file | The file size is determined by the configured log length in seconds or packets |
| Core dump files | 10% |
| Local system event files | 40% (not counted if system events are stored in RAM) |
| Persistent security event files in /var/security-events/ | 15% |
| Temporary security event files in /var/security-events/failed-to-send | 15% |
| Traffic dump files when IDPS signatures are triggered in /var/idps | 10% |

To see how much of the /var partition is occupied by other data and how much space remains for log files and dump files, run the du command in bash on the Kaspersky NGFW device.
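The following script is an added example, not part of the product documentation. It compares du output for the three directories named in the table with their quotas, so you can see when rotation is about to delete the oldest security events or traffic dumps. It assumes the percentages refer to the total size of the /var partition, that failed-to-send is counted separately from the rest of /var/security-events/, and that du, df and awk are available on the device; the function names, the file name and the 90% warning threshold are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code. Assumptions: quotas are percentages of the
# total /var partition size; failed-to-send is counted separately from the
# rest of /var/security-events/; the 90% warning threshold is arbitrary.

# dir_kb DIR: KiB used under DIR, or 0 if DIR does not exist.
dir_kb() (
    [ -d "$1" ] || { echo 0; exit 0; }
    du -sk "$1" 2>/dev/null | awk '{print $1}'
)

# part_kb DIR: total size in KiB of the filesystem holding DIR.
part_kb() (
    df -Pk "$1" | awk 'NR==2 {print $2}'
)

# quota_status USED_KB TOTAL_KB QUOTA_PCT: usage and state for one file type.
# "near-limit" means usage is at 90% of the quota or more, so rotation is
# deleting the oldest files or is about to.
quota_status() (
    quota_kb=$(( $2 * $3 / 100 ))
    used_pct=$(( $1 * 100 / $2 ))
    if [ $(( $1 * 10 )) -ge $(( quota_kb * 9 )) ]; then
        state=near-limit
    else
        state=ok
    fi
    echo "${used_pct}% used, quota ${3}%: ${state}"
)

# report ROOT: check the three directories the table names under ROOT.
report() (
    root=$1
    total=$(part_kb "$root")
    failed=$(dir_kb "$root/security-events/failed-to-send")
    persistent=$(( $(dir_kb "$root/security-events") - failed ))
    idps=$(dir_kb "$root/idps")
    echo "persistent security events: $(quota_status "$persistent" "$total" 15)"
    echo "failed-to-send events:      $(quota_status "$failed" "$total" 15)"
    echo "IDPS traffic dumps:         $(quota_status "$idps" "$total" 10)"
)

# Run as: sh var_quota.sh /var   (var_quota.sh is a hypothetical file name)
if [ "$#" -gt 0 ]; then
    report "$1"
fi
```

A directory that stays at near-limit has little retention headroom, so events needed for a later investigation should be exported before rotation removes them.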
