
Lower or disable talpa-cache system logging?

How can I change or disable the log level for talpa-cache?  It's filling up my system log with a load of noise from repetitive messages about Enabled/Disabled; from dmesg for example:

[2646574.382446] talpa-cache: Enabled
[2678974.732465] talpa-cache: Disabled
[2678974.736750] talpa-cache: Enabled
[2704174.337316] talpa-cache: Disabled
[2704174.341616] talpa-cache: Enabled
[2725774.222321] talpa-cache: Disabled
[2725774.227453] talpa-cache: Enabled
[2747374.653281] talpa-cache: Disabled
[2747374.657392] talpa-cache: Enabled

TIA,

Jason



This thread was automatically locked due to age.
  • Hi  

    Would you please suggest the Sophos product which you are using and the issue happening with it?

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • Hello Jason,

    noise is in the eye of the beholder, or Talpa is encountering an  excessive number of events it normally logs. There's lots of other noise in my logs and Talpa doesn't stand out at all. Can't say if Talpa logging can be configured, what these messages actually signify, and whether this frequency is normal or not - I'm not    ;)

    Christian

  • I'm not overly familiar with Sophos, but it appears we're running sav-protect, the AV daemon, and sav-rms, the management agent (from systemd service).  From savdctl version:
    /opt/sophos-av/bin/savdctl version
    savdctl version 1.0

    and from savdstatus:

    /opt/sophos-av/bin/savdstatus --version --verbose
    Copyright 1989-2019 Sophos Limited. All rights reserved.
    Sophos Anti-Virus       = 10.5.0
    Build Revision          = 2820994
    Threat detection engine = 3.77.1
    Threat data             = 5.74
    Threat count            = 49416425
    Threat data release     = Tue 31 Mar 2020 12:00:00 AM
    Last update             = Tue 21 Apr 2020 06:14:21 AM EDT

    These run on CentOS7 instances.

    Thanks

  • Hi  

    Are you able to see the issue with Sophos because of these logs, or have you found any excessive logs of Talpa in any of the Sophos logs?

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support


  • I don't understand your question, but the issue I am having is these entries are filling up system logs and consuming the filesystem, additionally it makes searching system logs for other issues difficult to find or time consuming weeding through all the repetitive talpa messages.  There's no use for these, would like to turn it off or limit or change the log level some way.

    Thanks

  • Hi  

    I meant that if this is an issue with Sophos products, then we'll be able to help you, but if it is a specific issue with the operating system logs, I am not an SME in the Linux operating system.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support


  • The issue is with Sophos, in this case what the log level is set to which writes talpa-cache entries to the system log.  I am trying to find out in which Sophos config is that log level set or disabled, and what the setting needs to be changed to.  Typically for other applications for example there is debug, info, warning, none, etc.  Where is that being set and what can I change it to or how do I disable.  OR, is it possible to configure Sophos to send these messages to a different log file and not use the system log?

  • Hi Jason,

     

    I'm afraid there isn't any way to change the logging from the talpa-cache.

    It is disabled and enabled each time the threat protection data is updated, typically every few hours.

    The timestamps are in seconds, so this is 9 messages over 28 hours, which is hardly spamming the logs.
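
To check how often a kernel-log tag fires before deciding whether it needs filtering, the dmesg timestamps can be measured directly. The script below is an added example, not part of the original thread and not Sophos code; the sample is the dmesg excerpt quoted in the question, and the function names and the one-second pairing window are assumptions.

```python
import re

# Constructed sample: the dmesg lines quoted in the question above.
SAMPLE = """\
[2646574.382446] talpa-cache: Enabled
[2678974.732465] talpa-cache: Disabled
[2678974.736750] talpa-cache: Enabled
[2704174.337316] talpa-cache: Disabled
[2704174.341616] talpa-cache: Enabled
[2725774.222321] talpa-cache: Disabled
[2725774.227453] talpa-cache: Enabled
[2747374.653281] talpa-cache: Disabled
[2747374.657392] talpa-cache: Enabled
"""

# "[seconds.micros] tag: message" as printed by dmesg without -T
LINE_RE = re.compile(r"^\[\s*(\d+\.\d+)\]\s+([^:\s]+):\s+(.*)$")

def parse(text):
    """Yield (seconds_since_boot, tag, message) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield float(m.group(1)), m.group(2), m.group(3)

def summarize(text, tag="talpa-cache", pair_window=1.0):
    """Message rate and reload cadence for one tag (pair_window is an assumption)."""
    events = [(t, msg) for t, src, msg in parse(text) if src == tag]
    if len(events) < 2:
        return {"messages": len(events), "span_hours": 0.0,
                "messages_per_hour": 0.0, "reloads": 0, "reload_gaps_hours": []}
    span_s = events[-1][0] - events[0][0]
    # A Disabled immediately followed by Enabled is counted as one reload cycle.
    reloads = [t1 for (t1, m1), (t2, m2) in zip(events, events[1:])
               if m1 == "Disabled" and m2 == "Enabled" and t2 - t1 < pair_window]
    gaps = [round((b - a) / 3600, 1) for a, b in zip(reloads, reloads[1:])]
    return {"messages": len(events),
            "span_hours": round(span_s / 3600, 1),
            "messages_per_hour": round(len(events) / (span_s / 3600), 2),
            "reloads": len(reloads),
            "reload_gaps_hours": gaps}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

Running the same function over a full `dmesg` capture with a different `tag` gives comparable numbers for other kernel-log sources.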