Video Screencast Help

Apache Log Retention

Created: 23 Jan 2013 | 5 comments

I enabled apache logs as recomended for the content distribution monitor tool and I have just discovered that the E:\Symantec\Symantec Endpoint Protection Manager\apache\logs folder has grown to 26GB. This is filled with daily error and access log files dating back to June 2012. I have manually deleted some of the files but is there a way to set the retention for these logs so they are automatically deleted?

I am running 12.1 RU1 MP1

Comments 5 CommentsJump to latest comment

pete_4u2002's picture

change the logging from finest to info , if it is enabled. Also restart the SEPM web service.

_Brian's picture

Did you enable any logging on the SEPM recently?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

pete_4u2002's picture

goto SEPM machine \Symantec Endpoint Protection Manager\tomcat\etc\conf.properties look for this entry, scm.log.loglevel=, change it to info and restart the SEPM web service.

alex.milford's picture

This is nothing to do with the log level of SEPM - this is already set to info in E:\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\conf.properties. It is to do with the apache logging. The dist monitor tool advises to set loglevel to info in E:\Symantec\Symantec Endpoint Protection Manager\apache\conf\httpd.conf. This was changed in Jun when SEP 12 was first installed. This change forces apache to create a new log file everyday but i need to find a way to limit the number of files kept i.e. only keep a weeks worth

 

Steps to enable Apache Logs on each SEPM server:
1)Access SEPM_INSTALL\apache\conf folder and take backup of httpd.conf file
2)In httpd.conf file, enable access and error logging. Also set LogLevel to info.

Error log: Uncomment #ErrorLog "|| bin/rotatelogs.exe logs/error-%Z.log 100M", change log file name format and log rotation to 24 hours.
Modified line: ErrorLog "|| bin/rotatelogs.exe logs/error-%Y-%m-%d.log 86400"

Access log: Uncomment #CustomLog "|| bin/rotatelogs.exe logs/access-%Z.log 100M" combined, change log file name format and log rotation to 24 hours.
Modified line: CustomLog "|| bin/rotatelogs.exe logs/access-%Y-%m-%d.log 86400" combined

LogLevel: Change LogLevel from warn to info.
Modified line: LogLevel info

3)Restart the Apache (net stop semwebsrv and net start semsrv)
 

SMLatCST's picture

I'm afraid not crying, the rotatelogs program is not capable of deleting logs older than a certain number of days.

The closest you can get to is configuring a windows scheduled task to delete them for you.  Of course if you do this, you limit the data available via the Distribution Monitoring Tool.

You could log this as an IDEA in these forums, but I doubt it'd get that much attention from Symantec as it's only used to generate logs for an unsupported tool.  That said, Citrix have managed to add this sort of "Delete after number of days" functionaility to their implementation of rotatelogs so maybe it isn't too difficult wink

One option for the scheduled task might be:

http://gallery.technet.microsoft.com/scriptcenter/...