Maintain a Minimal NetMon
A minimal-install NetMon system will quickly run out of disk space. Because you are not using this system for production data, you can free up disk space by deleting logs, statistics, captured PCAPs, and indices.
Clean Up Diagnostic Stats and Logs
From the Linux prompt:
Switch users to root:
$ sudo su
Clean up cassandra diagnostic statistics (because these stats require lots of space, this step could significantly free up your system):
$ /usr/bin/rm -rf /var/lib/cassandra/data/DPI/Stat*
Delete log files and rolled logs:
$ /usr/bin/rm -rf /var/log/persistent/*.log
$ /usr/bin/rm -rf /var/log/persistent/*.gz
$ /usr/bin/rm -rf /var/log/probe/*.log
$ /usr/bin/rm -rf /var/log/probe/*.log.*
$ /usr/bin/rm -rf /var/log/probe/*.gz
(Optional) Clean Up PCAP Files
From the Linux prompt:
Switch users to root:
$ sudo su
To display partitions and drive space used, check which PCAP partitions exist:
$ df -h
With the exception of especially large systems, this is usually only /pcap0. Look for drives “mounted on” /pcapN, such as /pcap0, /pcap1, etc.Navigate to the partition you want to clean up:
$ cd /pcap0/
Delete either individual folders or everything on the partition.
Delete individual folders (in this example, the folder is named “2018_02_21”):
$ rm -rf 2018_02_21
Delete everything on the partition:
$ rm -rf *
Before running this command, make absolutely certain that you changed directories (cd) to a PCAP partition such as pcap0. If you do not, you could irreparably damage your installation.
Restart NetMon
Restart the NetMon services:
$ systemctl restart netmon
Delete Indices in the NetMon Web Management Interface
- Log in to the NetMon Web Management interface.
- On the top navigation bar, click Configuration, and then click the Metadata tab.
- Delete the events_ and network_ indices by clicking trash can icon.