|
Title: /dev/sda1/ / Full message Post by: Soldier on Saturday 03 July 2010, 07:55:59 pm Hi Guys,
This is my first post, though I am not new at using Endian. Recently I have started receiving emails from my firewall informing me that my / drive is getting full. This firewall in particular has been running from about the 25/05/2010, so about a month. This is what I see in my disk usage: Disk usage Device Mounted on Size Used Free Percentage /dev/sda1 / 495M 392M 78M 84% /dev/sda6 /var 1938M 90M 1751M 5% /dev/sda3 /var/efw 101M 5M 91M 6% /dev/sda5 /var/log 989M 25M 914M 3% I did configure intensive logging for SMTP proxy, but surely that would go to the log folder which seems fine. I am stumpt. Any suggestions to understand why my root drive is filling up. Thankx Title: Re: /dev/sda1/ / Full message Post by: aweinert on Tuesday 06 July 2010, 01:47:15 am Hi soldier,
first I you should find out which files are larger than 1MB (sort by size from biggest to the smallest file). Login via SSH an try this: Code: # find / -xdev -type f -size +2048 -exec du -h {} \; |sort -nrOr you should investigate which files has been modified between the last 10 (or more days) ordered by size. Code: # find / -xdev -type f -mtime -10 -print |du -h |sort -nr andreas Title: Re: /dev/sda1/ / Full message Post by: Soldier on Thursday 08 July 2010, 07:54:36 pm Hello Andreas,
Thank you for your reply. I did as you suggested but I dont seem to see many large files. I have attached a printout of the results from the find, sorting by the largest file first. As far as I can see the biggest file belongs to clam.cvd. I cant see these filling up the disk because in total they add up to about 140MB. 22M /usr/share/clamav/main.cvd 6.8M /usr/sbin/smbd 6.7M /usr/lib/libsmbclient.a 5.4M /usr/bin/net 5.2M /usr/sbin/winbindd 5.1M /etc/snort/processed.rules.old 5.1M /etc/snort/processed.rules 4.6M /usr/bin/smbpasswd 4.5M /usr/lib/samba/libnetapi.so.0 4.5M /usr/bin/smbcquotas 4.4M /usr/lib/samba/libsmbclient.so.0 4.4M /usr/lib/libsmbclient.so 3.5M /home/httpd/html/backup/backup-20100704024700-***.***.com-settings-db-logs-logarchive-cron.tar.gz 2.9M /home/httpd/html/backup/backup-20100627024701-***.***.com-settings-db-logs-logarchive-cron.tar.gz 2.7M /etc/snort/rules/auto/emerging-web_specific_apps.rules 2.6M /usr/bin/ntlm_auth 2.4M /usr/sbin/nmbd 2.4M /home/httpd/html/backup/backup-20100620024700-***.***.com-settings-db-logs-logarchive-cron.tar.gz 2.3M /usr/share/clamav/daily.cvd 2.2M /usr/sbin/dhcpd 2.2M /usr/lib/python2.4/site-packages/endian/ips/tests/data/etc/snort/rules/auto/emerging-web_sql_injection.rules 2.1M /lib/libnss_wins.so.2 2.0M /boot/vmlinuz-2.6.22.19-72.e18 1.7M /home/httpd/html/backup/backup-20100613150305-***.***.com-settings-db-logs-logarchive.tar.gz 1.6M /sbin/dhclient 1.5M /usr/lib/perl5/5.8.5/i386-linux-thread-multi/CORE/libperl.so 1.5M /usr/lib/libnss3.so 1.5M /usr/bin/pdbedit 1.5M /usr/bin/omshell 1.5M /lib/security/pam_smbpass.so 1.5M /etc/dnsmasq/spywaredomains.zones 1.4M /usr/lib/libxml2.so.2.6.26 1.4M /usr/lib/libnetsnmpmibs.so.15.1.2 1.3M /usr/lib/perl5/5.8.5/i386-linux-thread-multi/auto/Encode/JP/JP.so 1.3M /usr/lib/librpmdb-4.4.so 1.3M /usr/lib/libpython2.4.so.1.0 1.3M /usr/lib/libdns.so.16.0.0 1.2M /usr/lib/locale/locale-archive 1.2M /usr/lib/libntopreport-3.3 1.2M /usr/lib/libdb_cxx-4.3.so 1.2M /lib/tls/i486/libc-2.3.4.so 1.2M /lib/libcrypto.so.0.9.7a 1.1M /usr/sbin/amavisd 1.1M /usr/lib/perl5/5.8.5/i386-linux-thread-multi/auto/Encode/KR/KR.so 1.1M /usr/bin/smbstatus 1.1M /usr/bin/smbcontrol 1.1M /usr/bin/ldbsearch 1.1M /usr/bin/ldbmodify 1.1M /usr/bin/ldbedit 1.1M /usr/bin/ldbdel 1.1M /usr/bin/ldbadd 1.1M /lib/libdb-4.3.so 1.1M /lib/libc-2.3.4.so Thankx Title: Re: /dev/sda1/ / Full message Post by: aweinert on Monday 09 August 2010, 11:59:17 pm Hi Soldier,
sorry for my late reply. I was on holiday ;-) The size of your backup files are 10,5 mb (space 7%). Did you try the second command to find out which files were modified? andreas |