A minimal-install NetMon system will quickly run out of disk space. Because you are not using this system for production data, you can free up disk space by deleting logs, statistics, captured PCAPs, and indices.

In the steps that follow, $ represents a Linux shell prompt. You do not need to type the $, only the command that follows.

Clean Up Diagnostic Stats and Logs

From the Linux prompt:

  1. Switch users to root:

    $ sudo su
  2. Clean up cassandra diagnostic statistics (because these stats require lots of space, this step could significantly free up your system):

    $ /usr/bin/rm -rf /var/lib/cassandra/data/DPI/Stat*
  3. Delete log files and rolled logs:

    $ /usr/bin/rm -rf /var/log/persistent/*.log
    $ /usr/bin/rm -rf /var/log/persistent/*.gz
    $ /usr/bin/rm -rf /var/log/probe/*.log
    $ /usr/bin/rm -rf /var/log/probe/*.log.*
    $ /usr/bin/rm -rf /var/log/probe/*.gz

(Optional) Clean Up PCAP Files

From the Linux prompt:

  1. Switch users to root:

    $ sudo su
  2. To display partitions and drive space used, check which PCAP partitions exist:

    $ df -h
    With the exception of especially large systems, this is usually only /pcap0. Look for drives “mounted on” /pcapN, such as /pcap0, /pcap1, etc.
  3. Navigate to the partition you want to clean up:

    $ cd /pcap0/
  4. Delete either individual folders or everything on the partition.

    1. Delete individual folders (in this example, the folder is named “2018_02_21”):

      $ rm -rf 2018_02_21
    2. Delete everything on the partition:

      $ rm -rf *

Before running this command, make absolutely certain that you changed directories (cd) to a PCAP partition such as pcap0. If you do not, you could irreparably damage your installation.

Restart NetMon

Restart the NetMon services:

$ systemctl restart netmon

Delete Indices in the NetMon Web Management Interface

  1. Log in to the NetMon Web Management interface.
  2. On the top navigation bar, click Configuration, and then click the Metadata tab.
  3. Delete the events_ and network_ indices by clicking trash can icon.