Reduce audit logs

Environment

• Knox E-FOTA On-Premises
• Red Hat Enterprise Linux

Overview

Knox E-FOTA On-Premises may generate many audit logs, which can quickly fill up disk space and cause system instability. You can configure containers to reduce continuous logging by disabling SELinux labeling.

This solution modifies the container startup options in the dfm_config.json file to add the --security-opt label=disable option, which reduces audit log generation for the specified container.

Reduce audit logging for containers

To reduce audit log generation:

1. On your Knox E-FOTA On-Premises server, navigate to /dfm/config/:

   cd /dfm/config
   

2. Open the dfm_config.json file in a text editor.

3. In the JSON configuration file, locate the following container run command options:

   • opt_mysql_run_cmd — MySQL database container
   • opt_minio_run_cmd — MinIO object storage container
   • opt_core_run_cmd — Core service container
   • opt_console_run_cmd — Console service container
   • opt_haproxy_run_cmd — HAProxy load balancer container

4. Add the --security-opt label=disable option to the run command for each container where you want to reduce audit logging. Here’s an example that adds this option to the opt_core_run_cmd run command:

   "opt_core_run_cmd": "--log-driver json-file --log-opt max-size=5m --log-opt max-file=10 --restart=always --security-opt=no-new-privileges --security-opt label=disable --health-cmd='curl --fail http://127.0.0.1:10080/index.html || exit 1'"
   

5. Save the dfm_config.json file and exit the text editor.

6. Restart the containers for which you modified the configuration. For example, to restart the core service container:

   dfm restart dfm-core
   

After applying this configuration, the specified containers will generate fewer audit logs, saving disk space and preventing system instability.