Preventing low disk space alerts

 

There are a few things you can do to reduce the amount of space that reporting takes up.

1. Lower the Data Retention period in Apps > Reports > Data

Obviously, the more time you're keeping reporting data available, the more disk space you're taking up. Data older than the retention period setting is discarded and no longer available to view in the Untangle's Reports app.

ReportsDataRetention.jpg

 

2. Disable extraneous logging options in Config > Network > Advanced

These options can create a lot of logging data, particularly the 'bypassed' and 'blocked' options. 'Log blocked sessions' refers only to traffic that's blocked by iptables, so that's traffic that never makes it to the applications. Anything blocked by applications will still be logged in that application's report. ('Local outbound' refers to outbound traffic created by the Untangle itself: callbacks to the license servers and DNS lookups, mainly.)

 

3. Limit the number of alerts being logged

The setting for this is in Config > Events > Alerts, under the rule 'Free disk space is low'. The default setting is diskFreePercent < .2, or 20% free disk space; if your appliance has a 500GB hard drive, that's still 100GB of HDD space free. For these larger disks, we usually recommend setting the diskFreePercent condition to .1 (or even smaller!); that would cut down on the number of alerts you'd see and still allow for a pretty sizable amount of free disk space.

DiskSpaceLowEvent.jpg

4. Reduce the amount of logging being done by applications

Any application which scans traffic will generate Reports events. Some applications don't do anything by default except log; a notable example is the Firewall application. If a given application isn't being used, we recommend uninstalling it altogether (which will also help with the Untangle's general performance).

5. Bypass some traffic

Some devices probably don't need their traffic scanned by all our applications: VoIP phones, network printers, NAS devices, PoS terminals, IoT devices like smart speakers & light bulbs, &c. (Basically, anything that doesn't have a web browser.) Bypassing those devices not only cuts down on Reports data but can improve both their performance and the NGFW's performance. Instructions on bypassing devices are here: How To Bypass Traffic From Filtering

 

If you have command-line access to your Untangle, you can also use this script to clear all currently-stored Reports data, but do be warned that this script can be hard on the disk if it's run frequently. It's better to shorten your retention period and store less data than have to clear it all!

Follow
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.

Powered by Zendesk