Author Topic: /dev/sda1/ / Full message  (Read 18225 times)
Soldier
« on: Saturday 03 July 2010, 07:55:59 pm »

Hi Guys,

This is my first post, though I am not new at using Endian. Recently I have started receiving emails from my firewall informing me that my / drive is getting full. This firewall in particular has been running from about the 25/05/2010, so about a month. This is what I see in my disk usage:
Disk usage
Device     Mounted on  Size   Used  Free   Percentage
/dev/sda1  /           495M   392M  78M    84%
/dev/sda6  /var        1938M  90M   1751M  5%
/dev/sda3  /var/efw    101M   5M    91M    6%
/dev/sda5  /var/log    989M   25M   914M   3%

I did configure intensive logging for SMTP proxy, but surely that would go to the log folder which seems fine.

I am stumped. Any suggestions to understand why my root drive is filling up?

Thanks
 
aweinert
« Reply #1 on: Tuesday 06 July 2010, 01:47:15 am »

Hi soldier,

First, you should find out which files are larger than 1MB (sorted by size from the biggest to the smallest file). Log in via SSH and try this:

Code:
#  find / -xdev -type f -size +2048 -exec du -h {} \; |sort -nr

Or you should investigate which files have been modified within the last 10 (or more) days, ordered by size.

Code:
# find / -xdev -type f -mtime -10 -exec du -k {} \; | sort -nr


andreas
Soldier
« Reply #2 on: Thursday 08 July 2010, 07:54:36 pm »

Hello Andreas,

Thank you for your reply. I did as you suggested but I don't seem to see many large files. I have attached a printout of the results from the find, sorting by the largest file first. As far as I can see the biggest file belongs to clam.cvd. I can't see these filling up the disk because in total they add up to about 140MB.

22M     /usr/share/clamav/main.cvd
6.8M    /usr/sbin/smbd
6.7M    /usr/lib/libsmbclient.a
5.4M    /usr/bin/net
5.2M    /usr/sbin/winbindd
5.1M    /etc/snort/processed.rules.old
5.1M    /etc/snort/processed.rules
4.6M    /usr/bin/smbpasswd
4.5M    /usr/lib/samba/libnetapi.so.0
4.5M    /usr/bin/smbcquotas
4.4M    /usr/lib/samba/libsmbclient.so.0
4.4M    /usr/lib/libsmbclient.so
3.5M    /home/httpd/html/backup/backup-20100704024700-***.***.com-settings-db-logs-logarchive-cron.tar.gz
2.9M    /home/httpd/html/backup/backup-20100627024701-***.***.com-settings-db-logs-logarchive-cron.tar.gz
2.7M    /etc/snort/rules/auto/emerging-web_specific_apps.rules
2.6M    /usr/bin/ntlm_auth
2.4M    /usr/sbin/nmbd
2.4M    /home/httpd/html/backup/backup-20100620024700-***.***.com-settings-db-logs-logarchive-cron.tar.gz
2.3M    /usr/share/clamav/daily.cvd
2.2M    /usr/sbin/dhcpd
2.2M    /usr/lib/python2.4/site-packages/endian/ips/tests/data/etc/snort/rules/auto/emerging-web_sql_injection.rules
2.1M    /lib/libnss_wins.so.2
2.0M    /boot/vmlinuz-2.6.22.19-72.e18
1.7M    /home/httpd/html/backup/backup-20100613150305-***.***.com-settings-db-logs-logarchive.tar.gz
1.6M    /sbin/dhclient
1.5M    /usr/lib/perl5/5.8.5/i386-linux-thread-multi/CORE/libperl.so
1.5M    /usr/lib/libnss3.so
1.5M    /usr/bin/pdbedit
1.5M    /usr/bin/omshell
1.5M    /lib/security/pam_smbpass.so
1.5M    /etc/dnsmasq/spywaredomains.zones
1.4M    /usr/lib/libxml2.so.2.6.26
1.4M    /usr/lib/libnetsnmpmibs.so.15.1.2
1.3M    /usr/lib/perl5/5.8.5/i386-linux-thread-multi/auto/Encode/JP/JP.so
1.3M    /usr/lib/librpmdb-4.4.so
1.3M    /usr/lib/libpython2.4.so.1.0
1.3M    /usr/lib/libdns.so.16.0.0
1.2M    /usr/lib/locale/locale-archive
1.2M    /usr/lib/libntopreport-3.3
1.2M    /usr/lib/libdb_cxx-4.3.so
1.2M    /lib/tls/i486/libc-2.3.4.so
1.2M    /lib/libcrypto.so.0.9.7a
1.1M    /usr/sbin/amavisd
1.1M    /usr/lib/perl5/5.8.5/i386-linux-thread-multi/auto/Encode/KR/KR.so
1.1M    /usr/bin/smbstatus
1.1M    /usr/bin/smbcontrol
1.1M    /usr/bin/ldbsearch
1.1M    /usr/bin/ldbmodify
1.1M    /usr/bin/ldbedit
1.1M    /usr/bin/ldbdel
1.1M    /usr/bin/ldbadd
1.1M    /lib/libdb-4.3.so
1.1M    /lib/libc-2.3.4.so

Thanks
aweinert
« Reply #3 on: Monday 09 August 2010, 11:59:17 pm »

Hi Soldier,

Sorry for my late reply. I was on holiday ;-)

The size of your backup files is 10,5 mb (space 7%).

Did you try the second command to find out which files were modified?

andreas
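
The listing in Reply #2 only covers files larger than 1MB and adds up to about 140MB, while the disk usage table shows 392M used on /. The following is an added example, not code posted by anyone in this thread, that totals every file on one filesystem per top-level directory and separates out the bytes held in files at or below the 1MB cut-off. It assumes GNU find (for -printf) and awk; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU find (-printf) and awk.

# size_report ROOT [THRESHOLD_BYTES]
# One tab-separated line per top-level entry of ROOT, largest first:
#   total_bytes  bytes_in_files_over_threshold  file_count  entry
# -xdev keeps find on ROOT's own filesystem, so separately mounted
# /var, /var/efw and /var/log are not counted against /.
# Sizes are apparent file sizes; blocks on disk are rounded up per file.
size_report() {
    sr_limit=${2:-1048576}      # 1 MB, the cut-off of "-size +2048"
    find "$1" -xdev -type f -printf '%s\t%P\n' |
    awk -F'\t' -v limit="$sr_limit" '
        {
            top = "."                                  # file directly in ROOT
            if ($2 ~ /\//) { top = $2; sub(/\/.*/, "", top) }
            total[top] += $1; count[top]++
            if ($1 + 0 > limit + 0) big[top] += $1
        }
        END {
            for (t in total)
                printf "%.0f\t%.0f\t%d\t%s\n", total[t], big[t] + 0, count[t], t
        }' |
    sort -nr
}

# below_threshold_bytes ROOT [THRESHOLD_BYTES]
# Bytes held in files at or below the threshold: the share of the
# usage that a "larger than 1 MB" listing never shows.
below_threshold_bytes() {
    size_report "$1" "${2:-1048576}" |
    awk -F'\t' '{ s += $1 - $2 } END { printf "%.0f\n", s }'
}

# Constructed sample tree: one 2 MB file and fifty 64 KB files.
make_demo_tree() {
    mkdir -p "$1/usr" "$1/opt/cache"
    dd if=/dev/zero of="$1/usr/big.bin" bs=1024 count=2048 2>/dev/null
    i=0
    while [ "$i" -lt 50 ]; do
        dd if=/dev/zero of="$1/opt/cache/f$i" bs=1024 count=64 2>/dev/null
        i=$((i + 1))
    done
}
```

On the firewall, `size_report /` run as root gives the per-directory totals for the root filesystem. A directory with a high file count and a second column of 0 is one that a size-filtered listing would never show.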