How to free up Nessus disk space
Your Nessus is running on a C drive and suddenly you see that C drive is totally full. On that point you don’t know what to do I mean how you free up disk space on that time. This blog will explain that.
Nessus is required to have at least 30GB (Actually 100 GB is needed if you scan aroung 100+ hosts within an interval of 3 months) allocated solely to this installation. So you should design your drive sizing in such a way so that it have lots of space to support Nessus.
If the file system is running out of disk space it is recommended to perform one of the following if you do not want to troubleshoot. If you want to troubleshoot and delete unnecessary log and report files, then you will not be required to do the following:
A. Increase the drive size.
B. Migrate Nessus to another host with more disk space than is allocated on your current system.
C. Remove the other software installed on this host and put it on another partition
So for troubleshoot you should check below steps:
- Clear temp folder unnecessary files.
- Check your Download or Document or Desktop folder taking unnecessary files or not. For example, you had downloaded some movies but you forgot to delete those.
Now come to the Nessus side for troubleshoot directly:
- It is recommended by Nessus that you stop the Tenable Nessus service before deleting anything. Open run>services.msc
Stop Nessus service. Once you are done, then start it again.
2. Check the main log file within Nessus logs (C:\ProgramData\Tenable\Nessus\nessus\logs) which is the nessusd.messages file. If this keeps extraordinarily growing, the primary cause for this would likely be one of two settings (As per Nessus community) being enabled in your scans, “Log Scan details to Server” and “Enable Plugin Debugging” both located under the Advanced → Debug Settings of your scan policy. These settings (If found on the modern version of Nessus. I did not find those settings in my modern version) are important should you ever need to perform some in-depth troubleshooting of your scans, however, you do not want to have them enabled on a regular basis as they will utilize a lot of space. If you are certain that you did not enable this logging, then you need not worry to delete the nessusd.messages files. The nessusd.messages file automatically rotates to nessusd.messages.0, nessusd.messages.1, etc. when it reaches to 1 GB as the file size. There is no way within the Nessus UI to purge the old nessusd.messages.* log files, however, you can adjust this behavior in Nessus configuration files. See How to manage Nessus log size and rotation
3. You may wish to remove old scan data to free up disk space. When removing old scans it is best to remove them via the User Interface meaning you log in to Nessus with your user then delete. You can export them (By clicking on Report or Export tab) to Nessus, HTML, CSV, and Nessus DB formats before deleting them from the User Interface. You can open up the history tab on any scan and use the checkboxes to delete scans in bulk for a more granular approach if you do not wish to delete the entire scan from Nessus. See the below image.
From here you can delete the scan results (history) then the corresponding files will also removed from the disk. Also remove scans from Trash. For example, when you delete the Apexone New scan item, then it will move to trash. Delete them from there as well.
Logs:
Linux Log location:
# /opt/nessus/var/nessus/logsWindows Log location:
> C:\ProgramData\Tenable\Nessus\nessus\logs- The www_server.log is the active web server log file that can grow quite large but should not be removed. But you can check the content of this file. If it is needed then keep it otherwise delete it. Most of the cases this is not required.
- The www_server.log.* files can be compressed or removed.
- The *.log & nessusd.messages from the logs folder can be deleted. The log files will be recreated by Nessus.
Another way is delete inactive users from Nessus to save space. Removing a user by logging in as the admin and clicking Settings > Users will remove their user folder from the file system. That user folder typically contains auth, reports, TMP, and file directories. All of the scans and reports for the user are under the reports directory.
Linux:
# /opt/nessus/var/nessus/users/<username>Windows:
> C:\ProgramData\Tenable\Nessus\nessus\users\<username>NOTE: Deleting a user will delete their shared scans.
NOTE: Do not delete the reports folder manually. Obtain permission from the user prior to deleting their scans.
If you delete the content from the reports folder then your disk size will be increased dramatically. But you will not get any data on your previous completed scan. But scan profile will be there. For the data to be populated again, you need to re-run the scan.
See no data here because I deleted all the files from the reports folder.
Thanks. I hope this will help you to increase disk space on the drive where Nessus is running. If you find this blog useful please subscribe below.
LinkedIn:
https://www.linkedin.com/in/md-mahimbin-firoj-7b8a5a113/
YouTube:
