Welcome, Guest. Please login or register.
Did you miss your activation email?
Tuesday 10 December 2024, 08:39:50 am

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  /var/log Full
0 Members and 2 Guests are viewing this topic. « previous next »
Pages: 1 [2]  All Go Down Print
Author Topic: /var/log Full  (Read 119683 times)
danodemano
Full Member
***
Offline Offline

Gender: Male
Posts: 47


WWW
« Reply #15 on: Wednesday 21 October 2009, 04:35:23 am »

I will have to give it a try this evening when I get home.  It seems like a valid way of doing it and I don't really have anything to lose.  I have already gone through a re-install twice after hosing things up.
Logged
danodemano
Full Member
***
Offline Offline

Gender: Male
Posts: 47


WWW
« Reply #16 on: Thursday 22 October 2009, 11:25:32 am »

Unfortunately I found out that symbolic links doesn't fix the whole problem, that was a tiny /var/log partition. Any new file on /var/log will go to the 300MB partition, and in a matter of days/weeks we'll end up with no empty space, even if you have 80GB+ free space on /var. The messages and firewall files (big ones) are daily zipped on /var/log, and as they are new files they are not linked to the other log dir. With symlinks you should cron a daemon that daily moves the .gz to the other dir, create links, etc. etc. boring and not nice

Besides that, there is some problem with rrdtool collectd, that fills out the messages file in a matter of hours. In one day I got a 300MB messages file!!!

The best way could be GParted runned from LiveCD, but I neither have the time nor interest on wasting time on changing the partitions.

What I tried is to modify the /etc/fstab file to remove the /var/log partition, so this way /var/log will use the space on /var.
That file links partitions to system directories, so I changed /var/log linkage point. The drawback is that I lose those 300 megs, the good thing is that is easy to do:

1- Stop as much services as you can on Endian GUI (maybe left SSH)
2- On console, create a backup copy of /var/log:  cp -p -r /var/log /var/logBackup. You alternatively can create a log backup on GUI (i think).
3- Edit fstab file: nano /etc/fstab. You will see the linkage for /var/log. Change the linkage to other dir. I changed /var/log to /var/log2. This way /var/log isn't a linkage point anymore, so it takes space from /var, the main partition plenty of space.
4- reboot
5- Copy the backed up log files. cp -p -r /var/logBackup /var/log. Or restore the backup from GUI.
6- reboot again
7- Delete backup logs: rm -R logBackup/ (step not needed if you backed up from GUI)
8- Re-enable all services on Endian GUI. Reboot if you want.
9- You can check on console that now the logs take space from /var, and not from the old /var/log. Use df -h command to see the free space.

Warning! This is a dirty not fully tested workaround!!! Maybe editing the fstab file wrecks something, so far I don't see anything strange.
But now I have the full 68GB to waste on logs, so I'm happy. I'll tell if I have any side effects on the firewall.


I had a lot of trouble with this.  Maybe I did something wrong, as I have mentioned, I am no Linux guru, but this hosed up a LOT of things on the system.  Since most of the .conf files point to /var/log a lot of things continued to write there while others broke altogether (httpd, snort, squid, and clam just to name a few).  I changed the fstab file back the way it was and restored from the backup I made just before I started monkeying with it and things are back to "normal" just have the full log problem once more.  Again, this could have been something I did, but I'm not about to try hacking on it again.  I will wait for an official fix from Endian.
Logged
pwizard
Full Member
***
Offline Offline

Posts: 29


« Reply #17 on: Thursday 22 October 2009, 02:25:49 pm »

very easy to keep /var/log

change destination log to other partition -> /var

by edit /etc/syslog/syslog.conf.tmpl

good luck
Logged
Pages: 1 [2]  All Go Up Print 
« previous next »
Jump to:  

Page created in 0.078 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com