Unfortunately I found out that symbolic links doesn't fix the whole problem, that was a tiny /var/log partition. Any new file on /var/log will go to the 300MB partition, and in a matter of days/weeks we'll end up with no empty space, even if you have 80GB+ free space on /var. The messages and firewall files (big ones) are daily zipped on /var/log, and as they are new files they are not linked to the other log dir. With symlinks you should cron a daemon that daily moves the .gz to the other dir, create links, etc. etc. boring and not nice
Besides that, there is some problem with rrdtool collectd, that fills out the messages file in a matter of hours. In one day I got a 300MB messages file!!!
The best way could be GParted runned from LiveCD, but I neither have the time nor interest on wasting time on changing the partitions.
What I tried is to modify the /etc/fstab file to remove the /var/log partition, so this way /var/log will use the space on /var.
That file links partitions to system directories, so I changed /var/log linkage point. The drawback is that I lose those 300 megs, the good thing is that is easy to do:
1- Stop as much services as you can on Endian GUI (maybe left SSH)
2- On console, create a backup copy of /var/log: cp -p -r /var/log /var/logBackup. You alternatively can create a log backup on GUI (i think).
3- Edit fstab file: nano /etc/fstab. You will see the linkage for /var/log. Change the linkage to other dir. I changed /var/log to /var/log2. This way /var/log isn't a linkage point anymore, so it takes space from /var, the main partition plenty of space.
4- reboot
5- Copy the backed up log files. cp -p -r /var/logBackup /var/log. Or restore the backup from GUI.
6- reboot again
7- Delete backup logs: rm -R logBackup/ (step not needed if you backed up from GUI)
8- Re-enable all services on Endian GUI. Reboot if you want.
9- You can check on console that now the logs take space from /var, and not from the old /var/log. Use df -h command to see the free space.
Warning! This is a dirty not fully tested workaround!!! Maybe editing the fstab file wrecks something, so far I don't see anything strange.
But now I have the full 68GB to waste on logs, so I'm happy. I'll tell if I have any side effects on the firewall.
I had a lot of trouble with this. Maybe I did something wrong, as I have mentioned, I am no Linux guru, but this hosed up a LOT of things on the system. Since most of the .conf files point to /var/log a lot of things continued to write there while others broke altogether (httpd, snort, squid, and clam just to name a few). I changed the fstab file back the way it was and restored from the backup I made just before I started monkeying with it and things are back to "normal" just have the full log problem once more. Again, this could have been something I did, but I'm not about to try hacking on it again. I will wait for an official fix from Endian.
Author