Information

Information about logs sizing and rotation you can find in files in /etc/logrotate.d folder on the KWTS server.

The size of log files should be no more than:

How to fix

Actual result

kwts-traces log-file has frown to 4 GB:

Expected result

kwts-traces file no more than 500 mb

How to fix 

1. Be prepared that you will need to reboot the server and it will not process traffic while it is rebooting. And you need ssh-access to the KWTS server - https://support.kaspersky.com/KWTS/6.1/en-US/183526.htm
2. Make sure that trace lever is in "Error" mode - https://support.kaspersky.com/KWTS/6.1/en-US/174877.htm
3. Delete the largest log-files (in our case it is /var/log/kwts-traces) . 
4. If you need to clear additional disk space, you can delete large archive files if you are sure that you do not need the information in them
5. Reboot the KWTS server and make sure that the deleted large files (/var/log/kwts-traces) are recreated 
6. Find out in table above in what file we can find information about kwts-traces rotation . It is kwts-syslog
7. Execute following command
   logrotate -f -v /etc/logrotate.d/kwts-syslog &> logrotatef.log
8. Make sure that all log-files which described in /etc/logrotate.d/kwts-syslog file were rotated. (You can see which log files are described in this file in the table above)

What's next

Kindly monitor that previously broken files (kwts-traces) do not exceed 500-600 MB. If it continues to grow and is already 700 MB or more, then  run the command

/usr/sbin/logrotate -v -s /var/lib/logrotate/logrotate.status /etc/logrotate.conf &> logrotatestatus.log

And send logrotatef.log file from step 6 and logrotatestatus.log file to Kaspersky Support.

And also send diagnostic info in "Debug" level. Do not forget to change it back to "Error" level - https://support.kaspersky.com/KWTS/6.1/en-US/174877.htm