
isecoasmgr logs were occupying 1.8G

Hi,

We have been asked to remove isecoasmgr logs for the third time to free up file system space.

OAS Linux - 6.5

ENSL 10.5.2

What is the normal log size for isecoasmgr logs?

 

McAfee Employee MarkCMc

Re: isecoasmgr logs were occupying 1.8G

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/28000/PD28258/en_US/...


These log file sizes are monitored against the defined file size threshold in the product. If the file size exceeds the threshold, the log file is archived to the log archive directory through log rotation. You can define the log file size between 1 MB and 999 MB. The default size is 10 MB.

Log rotation happens in 2 scenarios:
• When the log file size reaches the defined threshold.
• When the isectpd (product) services are restarted.

In addition to these 2 scenarios, log rotation also happens:
• When the product is shut down normally.
• If the product is stopped under abnormal circumstances, log rotation does not happen.
• When you start the product after the abnormal process termination, logs are appended to the older log file. But if the older log file size is greater than the threshold, the log file rotation happens first. The product then starts writing to a fresh log file.
• Log rotation also happens in real time when the product's active log size exceeds the defined threshold.

Every time a log file is rotated, it also checks the log archive directory size. If the directory size exceeds the threshold, it deletes the oldest file.
The threshold of the log archive directory is 5 times the limit defined in the product. For example, if the product uses the default limit of 10 MB, the log archive directory threshold is 5*10 = 50 MB.

These thresholds are also applied to each log archive-related directory (such as isecoasmgr, isecscanfactory, or isecodscollector) in the following directories:
• /opt/isec/ens/threatprevention/var/
• /opt/isec/ens/esp/var/

The archived logs are automatically deleted when the total size of the log archive directory exceeds the threshold (default limit * 5 times).
Each process of Endpoint Security for Linux Threat Prevention has its own dedicated archive log directory. If one of these directories exceeds the threshold (default limit * 5 times), the software deletes the oldest log file in that directory.
The oldest log file is the file that contains the smallest number in its secondary name. After deleting the oldest log file, the process again checks the log archive directory size. If the directory size is still greater than the threshold, the software again deletes the oldest log file from the existing files. This cycle continues until the directory size becomes less than the threshold value (default limit * 5 times).

For example, the log file names in the log archive directory are isectpd.log, isectpd.log00000, isectpd.log00001, isectpd.log0000.
Isectpd.log is the oldest log file in the Active Directory. isectpd.log00000 is the next older file, then the next older file is isectpd.log00001. But, when log rotation deletes the oldest log file Isectpd.log, it no longer appears in the archive directory, and the isectpd.log00000 becomes the oldest log file. If Isectpd.log and isectpd.log00000 are deleted, isectpd.log00001 becomes the oldest log file.
If any process is never started or never executed (for example On-demand scan is never used), then its log file and log archive directory's size or age does not change.
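
The reply above says each per-process archive directory should stay under 5 times the configured log size limit. The following script is an added example, not part of the reply and not McAfee code, that reports directories exceeding that bound. It assumes the per-process directories are the immediate subdirectories of the two `var` paths and that 1 MB is 1024*1024 bytes; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag log archive directories larger than 5 x the log size limit.
LIMIT_MB="${LIMIT_MB:-10}"   # configured log size limit; 10 MB is the documented default

# dir_bytes DIR -> total size in bytes of all regular files under DIR (0 if none)
dir_bytes() {
    find "$1" -type f -exec ls -ln {} + 2>/dev/null | awk '{ s += $5 } END { print s + 0 }'
}

# over_threshold DIR LIMIT_MB -> exit 0 if DIR holds more than 5 * LIMIT_MB
# Assumption: 1 MB = 1024 * 1024 bytes.
over_threshold() {
    threshold=$(( $2 * 5 * 1024 * 1024 ))
    [ "$(dir_bytes "$1")" -gt "$threshold" ]
}

# audit_archives LIMIT_MB VAR_DIR... -> one line per subdirectory over the threshold
# Assumption: each immediate subdirectory of VAR_DIR is one process's log directory.
audit_archives() {
    limit=$1; shift
    for var in "$@"; do
        for d in "$var"/*/; do
            [ -d "$d" ] || continue
            if over_threshold "$d" "$limit"; then
                printf 'OVER %s %s bytes (threshold %s MB)\n' \
                    "$d" "$(dir_bytes "$d")" "$(( limit * 5 ))"
            fi
        done
    done
}

# The two parent directories named in the reply.
audit_archives "$LIMIT_MB" /opt/isec/ens/threatprevention/var /opt/isec/ens/esp/var
```

Set `LIMIT_MB` to the limit actually configured in the product before running; a directory reported as `OVER` is not being pruned the way the documentation describes.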
