#general - Hi! How do folks manage large

Channels

harveywells
2 years ago
Hi! How do folks manage large
```
osqueryd.ERROR
```
and
```
osqueryd.WARNING
```
files in
```
/var/log/osquery
```
? We recently deployed an log rotate conf for
```
osqueryd.results.log
```
but I’m seeing WARNING and ERROR logs files between 5 and 10 MB on some clients.
clong
2 years ago
Is 5-10MB considered too large? If you’re offloading them to a forwarder regularly couldn’t you just update the logrotate conf to rotate earlier?

View count: 5