Security-Onion-Solutions / securityonion

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, and case management. It also includes other tools such as osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
https://securityonion.net

FIX: Change the default setting for steno diskfreepercentage on standalone installations to 21 #12541

Closed dougburks closed 8 months ago

dougburks commented 8 months ago

From https://docs.securityonion.net/en/2.4/stenographer.html#disk-free-percentage:

If you have a distributed deployment with dedicated forward nodes, then the default value of 10 should be reasonable since Stenographer should be the main consumer of disk space in the /nsm partition. However, if you have systems that run both Stenographer and Elasticsearch at the same time (like eval and standalone installations), then you’ll want to make sure that this value is no lower than 21 so that you avoid Elasticsearch hitting its watermark setting at 80% disk usage. If you have an older standalone installation, then you may need to manually change this value to 21.

dougburks commented 8 months ago

https://github.com/Security-Onion-Solutions/securityonion/pull/12527

dougburks commented 8 months ago

Tested and verified:
