Natxo Asenjo via FreeIPA-users wrote:
> Hi,
> Our CA master role got its /var/log disk full, and after a quick analysis
> the directory /var/log/pki/pki-tomcat/ca/signedAudit was the problem.
> First time I come across this problem after 10 years ;-)
> This directory has a lot of files called ca_audit.yyyymmddhhmmss, each
> 2M large. It ended up costing 30G in total before we noticed.
> So the quick fix was fast, deleting files, but what can I tweak to not
> have this happen again in the future? And is this auditing crucial for
> some process? Or can it be turned off somewhere?
> Thanks in advance for your input.

I checked with the CS team.
To disable completely you can use
https://github.com/dogtagpki/pki/wiki/Enabling-Signed-Audit-Logs (use
False instead of True). Restart the CA after.
A bit more configuration:
https://github.com/dogtagpki/pki/wiki/Configuring-Signed-Audit-Logs
He also told me that this is disabled by default so someone must have
turned it on or for some reason they're generating a ton of audit events.
Something else to look into perhaps.
Before doing anything you may want to see the last update to CS.cfg and
any backup files. The dates may be meaningful.
rob
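
An added example, not part of the original thread and not Dogtag code: to follow up on "the dates may be meaningful", this script counts rotated ca_audit.yyyymmddhhmmss files per day so the day the volume jumped can be compared with the last change to CS.cfg. The helper names, the threshold and the sample file names are assumptions made for illustration; the CS.cfg path is passed as an argument rather than assumed.

```python
import re
import sys
from collections import Counter
from datetime import datetime
from pathlib import Path

# Rotated signed-audit files are named ca_audit.yyyymmddhhmmss (per the thread).
ROTATED = re.compile(r"ca_audit\.(\d{14})")

def rotations_per_day(names):
    """Map ISO date -> number of rotated audit files stamped on that day."""
    days = Counter()
    for name in names:
        m = ROTATED.fullmatch(name)
        if not m:
            continue  # active log or unrelated file
        try:
            stamp = datetime.strptime(m.group(1), "%Y%m%d%H%M%S")
        except ValueError:
            continue  # 14 digits that are not a real timestamp
        days[stamp.date().isoformat()] += 1
    return dict(sorted(days.items()))  # ISO dates sort chronologically

def first_busy_day(per_day, threshold):
    """Earliest day with at least `threshold` rotations, or None."""
    return next((d for d, n in per_day.items() if n >= threshold), None)

# Constructed sample names for an offline run; not taken from the thread.
SAMPLE = [
    "ca_audit",
    "ca_audit.20240105101500",
    "ca_audit.20240312090000",
    "ca_audit.20240312093000",
    "ca_audit.20240312100000",
    "ca_audit.20240312103000",
    "ca_audit.20240230120000",  # invalid date, must be skipped
    "debug.log",
]

if __name__ == "__main__":
    # argv[1]: signedAudit directory, argv[2]: path to CS.cfg (both optional)
    names = [p.name for p in Path(sys.argv[1]).iterdir()] if len(sys.argv) > 1 else SAMPLE
    per_day = rotations_per_day(names)
    for day, count in per_day.items():
        print(f"{day}  {count:5d} rotated files")
    print("first busy day:", first_busy_day(per_day, threshold=3))
    if len(sys.argv) > 2:
        mtime = datetime.fromtimestamp(Path(sys.argv[2]).stat().st_mtime)
        print("CS.cfg last modified:", mtime.isoformat(timespec="seconds"))
```

If files have already been deleted, the counts only reflect what is left on disk, so run it before any further cleanup.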