
SDL logs for Sophos Intercept X for Server occupying massive disk space

Hi

I am using Sophos Intercept X for Server with the Server Lockdown feature and have noticed that the Sophos SDL log files keep increasing, with more than a year of logs being stored, resulting in no space left on the disk.

Please suggest a workaround to remove these logs and to limit the logs to one month only.

Thanks,



This thread was automatically locked due to age.
  • Hi Alok,

    Thank you for reaching out to the Sophos Community Forum. 

    If you need to free up disk space immediately, you can do so by unlocking the server in order to delete the oldest log files. 

    I have reached out internally to get more information on this behaviour and will follow up with you here with anything I'm able to share.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Thanks. Please stay in touch with us. The client should be able to clean up old logs automatically.

    Having the same behaviour.

  • Hi Kushal 

    Thanks for your reply!

    I am trying to delete the logs manually, but it is taking a huge amount of time. Besides this, I can't delete all the logs as the server hangs, so I have to select a small bunch of files to delete, which takes a long time, and the number of files in the log folder is approx. 20 lakh.

  • I received an update from our team. We do have plans to address this issue in a release later this year, however, we do not have a definitive time frame as to when you can expect the fix to be pushed out.

    Manually clearing the files may be the best option in the meantime. 

    Kushal Lakhan
  • Why do I need to unlock the server to delete the SLD log files?

    -> Tamper protection disabled

    C:\ProgramData\Sophos\SLD\logs>cacls log_202204201528390678.xml
    C:\ProgramData\Sophos\SLD\logs\log_202204201528390678.xml NT-AUTHORITY\SYSTEM:(ID)F
                                                              BUILTIN\Administrators:(ID)F


    C:\ProgramData\Sophos\SLD\logs>del log_202204201528390678.xml
    C:\ProgramData\Sophos\SLD\logs\log_202204201528390678.xml
    Access denied

    ->unlocked the server from SLD here


    C:\ProgramData\Sophos\SLD\logs>del log_202204201528390678.xml

    C:\ProgramData\Sophos\SLD\logs>del log_202204201528390678.xml
    C:\ProgramData\Sophos\SLD\logs\log_202204201528390678.xml not found

    delete OK
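
One way to script the manual cleanup discussed in this thread, as an added PowerShell example (not Sophos code and not from any poster): it streams the log folder and deletes files older than a retention window. The 30-day default, the parameter names and the reading of the file-name digits as a timestamp are assumptions; the log path and the need to unlock the server first come from the thread.

```powershell
# Added example, not Sophos code. Run elevated, after the server has been
# unlocked from Server Lockdown (the thread shows deletes denied while locked).
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$LogDir     = 'C:\ProgramData\Sophos\SLD\logs',  # path shown in the thread
    [int]   $RetainDays = 30                                  # assumed: "a month"
)

$cutoff  = (Get-Date).AddDays(-$RetainDays)
$deleted = 0; $kept = 0; $failed = 0

# EnumerateFiles streams directory entries instead of building one huge array,
# so a folder with millions of files does not have to be loaded before work starts.
foreach ($path in [System.IO.Directory]::EnumerateFiles($LogDir, 'log_*.xml')) {
    $name  = [System.IO.Path]::GetFileNameWithoutExtension($path)
    $stamp = $null

    # Assumption: the first 14 digits after "log_" are yyyyMMddHHmmss, inferred
    # from log_202204201528390678.xml. Otherwise fall back to last-write time.
    if ($name -match '^log_(\d{14})\d*$') {
        $parsed = [datetime]::MinValue
        if ([datetime]::TryParseExact($Matches[1], 'yyyyMMddHHmmss',
                [cultureinfo]::InvariantCulture,
                [System.Globalization.DateTimeStyles]::None, [ref]$parsed)) {
            $stamp = $parsed
        }
    }
    if ($null -eq $stamp) { $stamp = [System.IO.File]::GetLastWriteTime($path) }

    # Keep anything inside the retention window.
    if ($stamp -ge $cutoff) { $kept++; continue }

    # ShouldProcess makes -WhatIf and -Confirm work for every single delete.
    if ($PSCmdlet.ShouldProcess($path, 'Delete old SLD log')) {
        try   { [System.IO.File]::Delete($path); $deleted++ }
        catch { $failed++; Write-Warning "Could not delete ${path}: $($_.Exception.Message)" }
    }
}

"Cutoff: $cutoff  deleted: $deleted  kept: $kept  failed: $failed"
```

Saved as a script file and run with `-WhatIf`, it lists what would be removed without deleting anything.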