Hello everyone, I am running a full scan of all hosts in the organization, which is about 12,000 hosts. I divided them into target lists of ~2,000 hosts and scan them one by one. GCE is installed in a container on a server with Debian 12, 8 cores, 4GB of memory. After scanning the first ~1,500 hosts, the scanner crashed due to lack of disk space (130GB). How can I clear the container cache, since reports alone can’t take up so much space?
This is not related to “clearing the container cache” as you say. You may try to adjust the default logging settings for each component, especially OpenVAS, which could have a significant impact on the disk usage. You should either execute shell commands into each container to change these settings manually or else adjust the docker-compose.yml file to load your custom configuration files at container startup.
Otherwise, I think your system is under resourced to accomplish your goals. 
Thanks! I looked, there are two log files that are growing:
/var/lib/docker/volumes/greenbone-community-edition_openvas_log_data_vol/_data/openvas.log
/var/lib/docker/containers//-json.log
Please tell me, what is the best way to solve this problem? I can clean them manually periodically or is it possible to somehow configure this in Docker? And what ram/cpu are best to choose for my number of hosts?
To reduce the openvas.log file you can adjust the docker-compose.yml file silghtly. In the `` section, you will see a line like this:
sed "s/127/128/" /etc/openvas/openvas_log.conf | sed 's/gvm/openvas/' > /mnt/openvas_log.conf
This does a couple commands, the first changes the default log level to debug, which will log much more activity. You can remove the first part of the command so that it only reads:
sed 's/gvm/openvas/' > /mnt/openvas_log.conf
Or if you don’t care about separating the gvmd and openvas logs, you can remove the entire line.
As for Docker, it depends on your configuration. You should consult the Docker docs. You can either set it up to use journald driver and then clear those logs with a cron, or use another native Docker log rotation.
1 Like