cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

ENSTP CLI log files rotation

Jump to solution

Hi,

We are using Endpoint Security Threat Protection for Linux 10.6.5.107 and are in the process of updating to 10.7.1 on RHEL 7.8.

As our product is a customised standalone system we provide an interface to run scans via the CLI (isecav), however we have found that all of the actions via this command are logged to a files in /opt/isec/ens/threatprotection/var/isecav/ and over a day we have ~3500 log files totaling around ~14Mb in size.

I am aware of the changes in https://kc.mcafee.com/corporate/index?page=content&id=KB92028 

Th KB mention that this directory is "The real-time log file for the CLI", but I have not found any information on how to configure the number or limit the size of these logs. 

How are these log files configured?

What are the default limits to the number or size of the directory?

Thanks

1 Solution

Accepted Solutions
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: ENSTP CLI log files rotation

Jump to solution

the log rotation for each of the ensl log folders is determined by the size limit setting in the ens security common \ options policy

the default limit that is set for that policy is 10mb and ensl will retain up to either 5 files of 10mb or a total size limit of 50mb before it rotates the logs.  if you increase the size limit then that new number times 5 will be the new limit before logs will be rotated.  so in the cli folder having 3500 + files is ok as long as the total size of the folder doesn't exceed 50mb (if you are using the default value of 10mb).

with 10.7 the log rotation does change for some of the log folders.  what you will see is that each time the mfetpd service is restarted it will rotate out the logs and archive any current logs in several of the folders.  the same will apply if the log reaches the max limit before the service starts.  this will occur in the /var/McAfee/ens/log/tp/mfetpd and mfeoasmgr folders.  the rest of the folders will behave the same as what you are seeing now.

View solution in original post

3 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: ENSTP CLI log files rotation

Jump to solution

the log rotation for each of the ensl log folders is determined by the size limit setting in the ens security common \ options policy

the default limit that is set for that policy is 10mb and ensl will retain up to either 5 files of 10mb or a total size limit of 50mb before it rotates the logs.  if you increase the size limit then that new number times 5 will be the new limit before logs will be rotated.  so in the cli folder having 3500 + files is ok as long as the total size of the folder doesn't exceed 50mb (if you are using the default value of 10mb).

with 10.7 the log rotation does change for some of the log folders.  what you will see is that each time the mfetpd service is restarted it will rotate out the logs and archive any current logs in several of the folders.  the same will apply if the log reaches the max limit before the service starts.  this will occur in the /var/McAfee/ens/log/tp/mfetpd and mfeoasmgr folders.  the rest of the folders will behave the same as what you are seeing now.

View solution in original post

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 4

Re: ENSTP CLI log files rotation

Jump to solution

Hello,

 

You can also refer below screenshot for more information on setting the size of the logs under policy.

04_Common_Policy_.PNG

Regards,
Daya
Highlighted

Re: ENSTP CLI log files rotation

Jump to solution

Thanks for the information

That does make it clearer that they are using the common ProgramLog configuration entries and the files will get rotated out at some point in time.

 

Chris

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community