Natxo Asenjo via FreeIPA-users wrote: > hi, > > our ca master role got its /var/log disk full and after a quick analysis > the directory /var/log/pki/pki-tomcat/ca/signedAudit was the problem. > > First time I come across this problem after 10 years ;-) > > This directory has a lot of files called ca_audit.yyyymmddhhmmss, each > 2M large. It ended up costing 30G in total before we noticed. > > So the quick fix was fast, deleting files, but what can I tweak to not > have this happen again in the future? And is this auditing crucial for > some process? Or can it be turned off somewhere? > > Thanks in advance for your input.
I checked with the CS team. To disable completely you can use https://github.com/dogtagpki/pki/wiki/Enabling-Signed-Audit-Logs (use False instead of True). Restart the CA after. A bit more configuration https://github.com/dogtagpki/pki/wiki/Configuring-Signed-Audit-Logs He also told me that this is disabled by default so someone must have turned it on or for some reason their generating a ton of audit events. Something else to look into perhaps. Before doing anything you may want to see the last update to CS.cfg and any backup files. The dates may be meaningful. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
