-
Title
How-to Remove Previously Generated Reports -
Description
Previously generated reports on the Syslog-ng Store Box (SSB) need to be removed to clear up space on the SSB. -
Cause
Daily, weekly, monthly, yearly, and other generated reports can accrue over time and take up space on the Syslog-ng Store Box (SSB). -
Resolution
*NOTE* This process will remove ALL generated reports from the Syslog-ng Store Box (SSB), please backup any reports that are desired not to be deleted before continuing with the steps below:
1.) Log into the core-shell of the Syslog-ng Store Box (SSB) via the console.
2.) Delete reports currently stored on the SSB.
2a. Reports older than ... (eg. 90days)
find /opt/ssb/var/reports -name *.pdf -ctime +90 -delete2b. All reports
find /opt/ssb/var/reports -name *.pdf -delete3.) Proceed only if 'Reports older than ...' option was selected, otherwise continue with step 4.
Get the current time's UNIX timestamp on the retention day. (Now - 90 days)date +%s --date -90days4.) Next, launch sqlite3 on the report.db to remove the reports from showing in the WebUI. To do so please run the following command:
sqlite3 /opt/ssb/var/sql/report.db5.) Next, run the following command to ensure the "reports" table shows and that there is data within the table:SELECT * FROM reports;6.) Next, run the following command to remove entries of previous reports on the SSB.
6a. Reports older than ... (eg. 90days)
Replace TIMESTAMP with the result of Step 3.DELETE FROM reports where session_end < TIMESTAMP;
6b. All reports
DELETE FROM reports;7.) Next, exit sqlite3 by running the following command:.exit8.) Next, restart the makeworld service to ensure the reports.db is re-analyzed by the SSB.
systemctl restart makeworld9.) Log out of the core-shell and of the console.10.) Log in to the WebUI of the SSB and navigate to Reports > Generated reports.11.) No reports should show as all previous reports have now been removed.