Submit a ticketCall us

Don’t fall victim to a ransomware attack
Backups are helpful, but sometimes that’s not enough to protect your business against ransomware. At our live webcast we will discuss how to protect against ransomware attacks with SolarWinds® Patch Manager and how to leverage log data to detect ransomware. Register now for our live webcast.

Home > Success Center > Log & Event Manager (LEM) > Unable to compress large Syslog data files

Unable to compress large Syslog data files

Created by David Clark, last modified by Erica Gill on Jan 18, 2017

Views: 43 Votes: 1 Revisions: 10

Overview

The log size is over 7 GB and Linux is having an issue compressing it.

Environment

All LEM versions

Cause 

  • ASA, for example, can generate up to 6 GB of syslog an hour if info severity is enabled.
  • In 24 hours that log can easily exceed 8 GB.
  • The Log file is exceeding 8 GB and LEM is set to compress compresses the log files daily.
  • Linux cannot compress files over 8 GB.

Resolution

  1. Change the default values on the LEM by going to the CMC shell in Vsphere or putty.
  2. In the command prompt, enter the command appliance.
  3. Enter the command setlogrotate and change to hourly. This allows LEM to compress a file each hour instead of daily.
    Note: If your Logs/Data partition is full or a particular Syslog file is large, contact SolarWinds Support to assist in this process.
     
Last modified
03:10, 18 Jan 2017

Tags

Classifications

Public