Storage Best Practices

The following are some of the storage best practices that you can follow in Tenable Security Center:

To better understand what Tenable Security Center logs consist of, and to help administrators decide which log files to delete or archive, the following articles describe log file contents, which files can be removed, and how to delete them in detail:

Archiving depends on your organization's policy. Tenable recommends that you keep at least two months' worth of logs, and archive at least one year of logs to free up disk space, storing the archive on a secured backup server for future use.

Steps to Archive Logs

In this example, the Administrative logs for March 2023 and April 2023 are archived.

  1. Navigate to the Administrative logs directory and run the command to archive the logs:

    # cd /opt/sc/admin/logs
    # tar -zcvf Archived-File-Name.tar.gz YYYYMM.log YYYYMM.log
  2. Move these files to the backup server.

Steps to Unarchive Logs

In this example, the Administrative logs for March 2023 and April 2023 are unarchived.

  1. Move the Archived-File-Name.tar.gz file to the Administrative logs directory.

  2. Navigate to the Administrative logs directory where the archived file was moved, then run the command to unarchive the logs:

    # tar -xzvf Archived-File-Name.tar.gz

Cron Job and Disk Space Clean-up Suggestions

Periodically, Tenable Security Center may run low on disk space. In such situations, Tenable recommends the following steps to clean up outdated data.

Tip: Tenable recommends cleaning up the Tenable Security Center folder every 30 days so that disk usage does not grow out of control.

The following files are safe to remove:

  • The leftover feed.xxxxx files in the directory /opt/sc/data.

Tenable Security Center generates the feed files during the feed update and these are removed when the feed update completes. If such files are present, it indicates that there might be connection issues to the feed server. These files are safe to be removed. Only the most current file must not be removed.

It is safe to remove any feed.xxxxx file that is more than one hour old. If a feed update is in progress, then you cannot remove that file.
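
One way to script the rule above, as an added example (not Tenable's own code): it lists feed.* files older than 60 minutes, always keeps the most recent one, and deletes only when asked. The function names, the DATA_DIR variable and the --delete switch are assumptions made for this example; the directory and the one-hour threshold come from the text above.

```sh
#!/bin/sh
# Added example, not Tenable code. Path and one-hour rule come from the text
# above; the function names and the --delete switch are assumptions.

# Echo the most recently modified feed.* file in directory $1 (always kept).
newest_feed_file() {
    newest=""
    for f in "$1"/feed.*; do
        [ -f "$f" ] || continue          # skip unmatched glob and directories
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then newest="$f"; fi
    done
    printf '%s\n' "$newest"
}

# List feed.* files in $1 that are more than 60 minutes old, excluding the
# newest one. With "--delete" as $2 the listed files are also removed.
clean_feed_files() {
    dir="${1%/}"; mode="${2:-}"
    keep=$(newest_feed_file "$dir")
    for f in "$dir"/feed.*; do
        [ -f "$f" ] || continue
        if [ "$f" = "$keep" ]; then continue; fi
        # find prints the path only if it was modified more than 60 min ago;
        # anything younger may belong to a feed update still in progress.
        if [ -n "$(find "$f" -prune -type f -mmin +60)" ]; then
            printf '%s\n' "$f"
            if [ "$mode" = "--delete" ]; then rm -f -- "$f"; fi
        fi
    done
    return 0
}

# Dry run by default: prints what would be removed and deletes nothing.
clean_feed_files "${DATA_DIR:-/opt/sc/data}" "${1:-}"
```

Run it without arguments first and review the list; pass --delete only after confirming that no feed update is running.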

For a list of files that can be safely removed, see the What Touch Debug Files Are Safe to Delete? knowledge base article.

The following are some other files that you can remove:

  • Older application.db and plugins.db under /opt/sc.

  • Older log files and touch debugging files.