I have zero retention on purpose to see how fast the data drive grows. I am not doing full packet cap or Bro logging. I set retention in Kafka to 1 hr (only because I had to); the data drive still filled up and didn’t seem to purge out.
Also curious: should Kafka and/or Zeek/Suricata get purged on a default timing/size (say, on a normal install)? Watched my Kafka (10 Mbps) increase over the course of 24 hrs. Was expecting either one or all to purge at set points. Not sure where to check for Kafka retention periods at this time.