Log rotation

Both Console and Defender call
log-rotate
every 30 minutes. The options passed to log-rotate are described below.

Defender

The default path for Defender’s log file is
/var/lib/twistlock/log/defender.log
.
It is configured as follows:
  • Truncate the original log file in place after creating a copy, instead of moving the old log file. (
    copytruncate
    )
  • Have 10 backup files rotated. If rotation exceeds 10 files, the oldest rotated file is deleted. (
    rotate 10
    )
  • Don’t generate an error in case a log file doesn’t exist. (
    missingok
    )
  • Don’t rotate the log in case it’s empty. (
    notifempty
    )
  • Rotate the log only if its size is 100M or more. (
    size 100M
    )
  • Compress the rotated logs. (
    compress
    )

Console

The default path for Console’s log file is
/var/lib/twistlock/log/console.log
.
It is configured as follows:
  • Truncate the original log file in place after creating a copy, instead of moving the old log file. (
    copytruncate
    )
  • Have 10 backup files rotated. If rotation exceeds 10 files, the oldest rotated file is deleted. (
    rotate 10
    )
  • Don’t generate an error in case a log file doesn’t exist. (
    missingok
    )
  • Don’t rotate the log in case it’s empty. (
    notifempty
    )
  • Rotate the log only if its size is 100M or more. (
    size 100M
    )
  • Compress the rotated logs. (
    compress
    )

DB logs

We log CRITICAL/ERROR messages to enable critical DB diagnostics.
This is automatically done by Prisma Cloud and is non-configurable.

Recommended For You