Ah Crowdstrike. One of the bigger problems we had at $company deploying the daemon to client servers was that there was (at the time) no config item to change the log file location. So we had a client who'd run out of disk space and IIRC Crowdstrike similarly refused to make any change. I think we "fixed it" by using GDB to change the outfile to a `grep -v` and into the same file.