Log rotation

Both Console and Defender call log-rotate every 30 minutes. The options passed to log-rotate are described below.

Defender

The default path for Defender’s log file is /var/lib/twistlock/log/defender.log.
It is configured as follows:
  • Truncate the original log file in place after creating a copy, instead of moving the old log file. (copytruncate)
  • Have 10 backup files rotated. If rotation exceeds 10 files, the oldest rotated file is deleted. (rotate 10)
  • Don’t generate an error in case a log file doesn’t exist. (missingok)
  • Don’t rotate the log in case it’s empty. (notifempty)
  • Rotate the log only if its size is 100M or more. (size 100M)
  • Compress the rotated logs. (compress)

Console

The default path for Console’s log file is /var/lib/twistlock/log/console.log.
It is configured as follows:
  • Truncate the original log file in place after creating a copy, instead of moving the old log file. (copytruncate)
  • Have 10 backup files rotated. If rotation exceeds 10 files, the oldest rotated file is deleted. (rotate 10)
  • Don’t generate an error in case a log file doesn’t exist. (missingok)
  • Don’t rotate the log in case it’s empty. (notifempty)
  • Rotate the log only if its size is 100M or more. (size 100M)
  • Compress the rotated logs. (compress)

DB logs

We log CRITICAL/ERROR messages to enable critical DB diagnostics.
This is automatically done by Prisma Cloud and is non-configurable.

Recommended For You