SafeLine is a WAF powered by a semantic analysis engine, unlike traditional signature-based solutions. It's self-hosted and very easy to deploy & configure.
I. Where Your Space Went
SafeLine WAF continuously records various security data while protecting your website. There are two main "repositories" that occupy space:
1. Protection Log Repository (Database)
- Content: Attack records, anti-bot verification logs, access statistics, etc.
- Storage Location: Managed by PostgreSQL database by default, path is
/data/safeline/resources/postgres/data - Reason for Overflow: Logs not cleared for a long time, especially during high-frequency attacks when data grows rapidly
2. Container Toolbox (Docker)
- Content: Images and temporary files required for SafeLine operation
- Storage Location:
/var/lib/docker - Reason for Overflow: Old images not deleted after multiple upgrades, or abnormal residual files accumulation
II. How to Clean Up
Method 1: Console One-Click Cleanup (Recommended for Beginners)
Clean up through the web UI, safe and intuitive:
- Login to SafeLine Console → System Settings → Data Cleanup
- Set retention time:
- Recommended to set 7 days initially (retain the last week's logs, can be adjusted later)
- Immediate effect: Cleanup triggers automatically after saving, just wait for completion
⚠️ Note:
Cleanup time depends on log volume, temporary lag may occur, don't repeat the operation!
Logs cannot be recovered after cleanup!
Method 2: Command Line Complete Cleanup (Efficient but Use with Caution)
If log volume is extremely large or cleanup fails on the SafeLine console, use command for forced cleanup:
# Clean all security logs (immediate effect, irreversible!)
docker exec safeline-mgt cleanlogs
Operation example:
# After executing the cleanup command, you'll see the following information
[INFO] Clearing logs...
[INFO] Truncating detect log...
[INFO] Truncating event...
[INFO] Truncating statistics...
[INFO] Done
III. Preventing Space Running Out — Regular Maintenance Tips
1. Set automatic cleanup cycle:
System → Cleas Data → Select clean data after 7 Days to enable automatic cleanup
2. Regular image cleanup:
- During manual upgrades, old version images aren't automatically deleted.
Execute the following command to delete all Docker images belonging to chaitin/safeline or chaitin-safeline repository with <none> tags (usually old versions or dangling images):
bash -c "[ $(docker images | grep chaitin[/-]safeline | grep -c none) == 0 ] || docker images | grep chaitin[/-]safeline | grep none | awk '{print \$3}' | xargs docker rmi"
IV. FAQ
Q: Will cleaning logs affect protection functionality?
A: No. Only historical records are cleaned, real-time protection will not be affected.
Q: What if important logs are accidentally deleted?
A: Regular database backups or snapshots can help recover.
Q: Will wrong images be deleted?
A: No. The command specifically deletes SafeLine images, other software is unaffected.
Following these steps, you can quickly free up SafeLine WAF's disk space! If you still encounter issues, it's recommended to save screenshots of any error messages and contact official technical support.
Top comments (0)