Abdelrazak Younes <[EMAIL PROTECTED]> writes: > Jürgen Spitzmüller wrote: >> rgheck wrote: >>> On attempting to reach bugzilla, I can get to the front page, but not >>> anywhere else. >> >> The disk space issue strikes back. > > I see that /var is mounted on a tiny disk (/dev/md3). Why not transfer > that to /dev/md4 which has plenty of space?
It seems indeed that the diskspace exists. I am not sure though that the problem is only that. Consider for example [EMAIL PROTECTED] logwatch]# pwd /var/cache/logwatch [EMAIL PROTECTED] logwatch]# du 361000 ./logwatch.3mtpH7cl 335216 ./logwatch.8uFg5Nmz 696224 . [EMAIL PROTECTED] logwatch]# cd ./logwatch.8uFg5Nmz [EMAIL PROTECTED] logwatch.8uFg5Nmz]# ls -l --si total 344M -rw------- 1 root root 84k Jan 15 04:08 cron -rw------- 1 root root 524k Jan 15 04:08 cron-archive -rw------- 1 root root 5.0M Jan 15 04:09 http -rw------- 1 root root 115M Jan 15 04:08 http-archive -rw------- 1 root root 396k Jan 15 04:05 maillog -rw------- 1 root root 57M Jan 15 04:05 maillog-archive -rw------- 1 root root 178k Jan 15 04:08 messages -rw------- 1 root root 65M Jan 15 04:06 messages-archive -rw------- 1 root root 93k Jan 15 04:06 secure -rw------- 1 root root 4.6M Jan 15 04:06 secure-archive -rw------- 1 root root 32M Jan 15 04:09 sonicwall -rw------- 1 root root 65M Jan 15 04:09 sonicwall-archive -rw------- 1 root root 0 Jan 15 04:08 vsftpd -rw------- 1 root root 3.5k Jan 15 04:08 xferlog -rw------- 1 root root 24k Jan 15 04:08 xferlog-archive There are 100M of data a day in sonicwall files because we are kind of attacked from Brazil: [EMAIL PROTECTED] logwatch.8uFg5Nmz]# tail sonicwall Jan 12 23:43:30 aussie vsftpd(pam_unix)[8989]: check pass; user unknown Jan 12 23:43:30 aussie vsftpd(pam_unix)[8989]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=201.48.158.12 Jan 12 23:43:33 aussie vsftpd(pam_unix)[8989]: check pass; user unknown Jan 12 23:43:33 aussie vsftpd(pam_unix)[8989]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=201.48.158.12 Jan 12 23:43:36 aussie vsftpd(pam_unix)[8989]: check pass; user unknown Jan 12 23:43:36 aussie vsftpd(pam_unix)[8989]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=201.48.158.12 Jan 12 23:43:39 aussie vsftpd(pam_unix)[8989]: check pass; user unknown Jan 12 23:43:39 aussie vsftpd(pam_unix)[8989]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=201.48.158.12 Jan 12 23:43:42 aussie vsftpd(pam_unix)[8989]: check pass; user unknown Jan 12 23:43:42 aussie vsftpd(pam_unix)[8989]: authentication failure; logn [EMAIL PROTECTED] logwatch.8uFg5Nmz]# host 201.48.158.12 12.158.48.201.in-addr.arpa domain name pointer 201-048-158-012.static.netsite.com.br. This may be routine, but should we nevertheless configure logwatch to output less data? Do do we have to live with huge logs? The httpd log is large too, but everything looks normal in it. I deleted the archive of the cvslog mailing list. Considering the transfer of /var elsewhere, I am definitely not able to do that myself on a live system. JMarc
