ferkhat-aws
commented
4 years ago Thank you for bringing this to our attention. We have taken a note of this.
Closed michaelsmoody closed 4 years ago
ferkhat-aws
commented
4 years ago Thank you for bringing this to our attention. We have taken a note of this.
RushikeshJoshi4
commented
2 years ago I'm seeing a similar issue. Is there any update on this? If not, I just need some help in deciding which files are safe to delete/rotate? I see leaks in these directories -
./var/log/amazon/ssm./var/lib/amazon/ssm/<some-random-number>/session/orchestration/*
Are logs in these directories safe to rotate on a daily basis? Can someone provide more guidance on that?
Good afternoon,
The default configuration for seelog in SSM doesn't compress the log files in /var/log/amazon/ssm/
seelog does have a directive that allows for zip or gzip compression of log files when rotated. Considering the default seems to allow 300Mbyte log files prior to requiring rotation, this could potentially grow quite large on a /var/log volume (most compliance benchmarks require /var/log to be a separate partition with its own distinct mount options). Please consider modifying the default behavior to include compression of old log files.
Similarly, it appears the rotated logs are rotated in reverse order (meaning that the sequential numbering is backwards, with the most recent number taking the highest number, and it seems this continues getting higher the longer the system runs and rotates logs). This is in contrast to most logging rotation, which numbers the existing log with no number, the recently rotated log with "1", the newly rotated old log as "2", and so on. If you'd like me to open a separate issue for this, I'm happy to do so.
Thanks, Michael