You are not logged in.
Pages: 1
How big is / partition is suppose to be? I had used the default 7.5 GB, leave the machine running for a few weeks and now /var/log is taking over:
# du /var/log -hs
5.5G /var/log
I did do an update to the latest stuff using pacman... so what's going on is this suppose to happen?
I looked at the directory too but it looks like older logs are the compressed?
# ls /var/log/
ConsoleKit daemon.log everything.log.1 messages.log.1 user.log.1
auth.log daemon.log.1 everything.log.2 messages.log.2 user.log.2
auth.log.1 daemon.log.2 faillog old wtmp
auth.log.2 dmesg.log kernel.log pacman.log wtmp.1
btmp errors.log kernel.log.1 syslog.log
crond errors.log.1 kernel.log.2 syslog.log.1
crond.1 errors.log.2 lastlog syslog.log.2
crond.2 everything.log messages.log user.log
So I am gzipping everything ends with .1 and .2 manually now but this does not feel right am I missing something?
Last edited by Sunnz (2009-06-08 13:09:00)
Offline
It would help if you told us which logs are taking up all that space and what those are filled with.
Offline
I'd suggest moving to metalog, instead of using syslog-ng+logrotate - it removes the problem of using crond.
Offline
Right, I'll install logrotate right now.
# ls -lhS
total 3.2G
-rw-r----- 1 root log 823M 2009-05-31 00:02 everything.log.2
-rw-r----- 1 root log 823M 2009-05-31 00:02 kernel.log.2
-rw-r----- 1 root log 624M 2009-05-31 00:02 errors.log.2
-rw-r----- 1 root log 227M 2009-06-08 23:31 everything.log
-rw-r----- 1 root log 227M 2009-06-08 23:31 kernel.log
-rw-r----- 1 root log 200M 2009-05-31 00:02 messages.log.2
-rw-r----- 1 root log 172M 2009-06-08 23:31 errors.log
-rw-r----- 1 root log 55M 2009-06-08 23:31 messages.log
-rw-r----- 1 root log 20M 2009-06-07 00:02 everything.log.1.gz
-rw-r----- 1 root log 20M 2009-06-07 00:02 kernel.log.1.gz
-rw-r----- 1 root log 13M 2009-06-07 00:02 errors.log.1.gz
-rw-r----- 1 root log 5.3M 2009-06-07 00:02 messages.log.1.gz
-rw------- 1 root root 4.0M 2009-06-08 23:31 errors.log.2.gz
It is basically lots of errors... the last lines of the top 3 files above are the same:
# tail everything.log.2
May 31 00:02:02 myhost kernel: ata2: soft resetting link
May 31 00:02:02 myhost kernel: ata2.00: configured for MWDMA2
May 31 00:02:02 myhost kernel: ata2: EH complete
May 31 00:02:02 myhost kernel: ata2.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x6 frozen
May 31 00:02:02 myhost kernel: ata2.00: ST_FIRST: DRQ=1 with device error, dev_stat 0x49
May 31 00:02:02 myhost kernel: ata2.00: cmd a0/00:00:00:24:00/00:00:00:00:00/a0 tag 0 pio 36 in
May 31 00:02:02 myhost kernel: cdb 12 00 00 00 24 00 00 00 00 00 00 00 00 00 00 00
May 31 00:02:02 myhost kernel: res 49/20:01:00:24:00/00:00:00:00:00/a0 Emask 0x2 (HSM violation)
May 31 00:02:02 myhost kernel: ata2.00: status: { DRDY DRQ ERR }
May 31 00:02:02 myhost kernel: ata2: soft resetting link
Offline
I'd suggest moving to metalog, instead of using syslog-ng+logrotate - it removes the problem of using crond.
Hmm I never heard of metalog... is the only advantage that you don't need to use crond or is there more to it?
Offline
metalog may be a good idea, but you should sort out the root cause first. My var is a separate 1G partition, and /var/log/ uses just 21M of that. There is nothing remotely normal about your setup there.
Offline
Ok may be a stupid question here... but it seems like logrotate have already set up here in crond? It was already installed, and all I had to do was to edit /etc/logrotate.conf to turn on compression? I know that it is more important to figure out the root cause, but I am totally lost here with syslogd and logrotate... is it normal that they are already installed or have I got something weird going on here?
Last edited by Sunnz (2009-06-08 13:53:58)
Offline
With default setup, logrotate runs daily two minutes after midnight. As such, it usually isn't run on desktop systems, which generally aren't on 24/7. The solution is to use anacron or fcron (which also fixes the issue with other cronjobs not being run - although I don't use any other on my desktops) or to use metalog - I find metalog to be generally a nicer solution than syslog-ng - it's easier to configure and offers configurable buffering and in-built logrotating.
As for your libata issue, I've seen topics with it. Search for it.
Offline
I have one question can I remove/delate the log files form /var/log safely?
I/m not talking about all of them
Last edited by SpeedVin (2009-06-08 14:24:42)
Shell Scripter | C/C++/Python/Java Coder | ZSH
Offline
I have one question can I remove/delate the log files form /var/log safely?
You can. Might be a good idea to restart the syslog-ng afterwards and any programs that don't use syslog, but log directly to /var/log - if you've deleted their logs, of course.
Offline
Pages: 1