Date: Fri, 15 Nov 2002 14:40:12 -0500 (EST) From: Jerry McAllister <jerrymc@clunix.cl.msu.edu> To: freebsd-questions@freebsd.org Subject: Re: I'm probably overlooking something really stupid but... Message-ID: <200211151940.gAFJeDc26781@clunix.cl.msu.edu>
next in thread | raw e-mail | index | archive | help
> Well, I apologize, I wasn't sure if you wanted to be bombarded with > that much of a help request. However, I feel like a bit of a newbie so > I will go ahead and be so humble as to ask. I've been running FreeBSD > on a secondary machine since early 98 in one form or another ... but > this just happens to be touching on an area I've yet to really explore. > I think I may have set up my syslog wrong because I don't think the > natd entries are getting logged right ... and I kinda wonder if that > doesn't play a roll. > > To give you an idea what I'm dealing with, this is the spam I'm > getting on my xterm: > > Nov 15 00:01:00 Lucretia /kernel: pid 197 (syslogd), uid 0 on /var: > file > system full > Nov 15 00:01:00 Lucretia /kernel: pid 197 (syslogd), uid 0 on /var: > file > system full > Nov 15 00:01:00 Lucretia /kernel: pid 197 (syslogd), uid 0 on /var: > file system full Well, this is already too late. It is just saying over and over again that your file system is full. It has, not doubt, even quit logging that by now, because it is too full. You need to get that log file cleaned out so you can get things running again. Then monitor the logs and see what is filling it up before it gets too full. If you have several /var/log/ messages files, rm some of the oldest ones to make room. If you only have one (you aren't rotating logs like you should) just nuke that one and do a touch on messages. Your /var partition is pretty small. You will have to keep close track of things and rotate out and delete old logs frequently with that small of a /var file system. The /var/db directory is kind of big too, but not as big as one some of our machines I just looked at. So, it is probably normal. You just need more space or need to keep a tighter reign on logs. ////jerry > Nov 15 00:02:50 Lucretia /kernel: pid 180 (natd), uid 0 on /var: file > system full > Nov 15 00:02:50 Lucretia /kernel: pid 180 (natd), uid 0 on /var: file > system full > Nov 15 00:05:37 Lucretia /kernel: pid 180 (natd), uid 0 on /var: file > system full > Nov 15 00:05:37 Lucretia /kernel: pid 180 (natd), uid 0 on /var: file > system full > Nov 15 00:14:31 Lucretia /kernel: pid 180 (natd), uid 0 on /var: file > system full > Nov 15 00:14:31 Lucretia /kernel: pid 180 (natd), uid 0 on /var: file > system full > Nov 15 00:24:26 Lucretia last message repeated 41 times > Nov 15 00:24:26 Lucretia last message repeated 41 times > Nov 15 00:34:39 Lucretia last message repeated 85 times > Nov 15 00:34:39 Lucretia last message repeated 85 times > Nov 15 00:43:46 Lucretia last message repeated 26 times > Nov 15 00:43:46 Lucretia last message repeated 26 times > Nov 15 00:54:11 Lucretia last message repeated 106 times > Nov 15 00:54:11 Lucretia last message repeated 106 times > Nov 15 01:04:17 Lucretia last message repeated 11 times > Nov 15 01:04:17 Lucretia last message repeated 11 times > Nov 15 01:14:27 Lucretia last message repeated 14 times > Nov 15 01:14:27 Lucretia last message repeated 14 times > Nov 15 01:24:37 Lucretia last message repeated 63 times > Nov 15 01:24:37 Lucretia last message repeated 63 times > > Lucretia# Nov 15 01:33:25 Lucretia last message repeated 6 times > Nov 15 01:33:25 Lucretia last message repeated 6 times > Nov 15 01:36:04 Lucretia /kernel: pid 180 (natd), uid 0 on /var: file > system full > Nov 15 01:36:04 Lucretia /kernel: pid 180 (natd), uid 0 on /var: file > system full > > Now, I've had it happen before where /var filled up and I got the > crap spammed out of me because of it and that was as I mentioned > because Apache was filling the httpd logs because some jackass was > trying IIS exploits. Regardless, that awas never a real issue and I > took down Apache anyway since then. > > This is what I get when I do df: > > Lucretia# df > Filesystem 1K-blocks Used Avail Capacity Mounted on > /dev/ad0s1a 198399 54224 128304 30% / > /dev/ad0s1f 2530542 2229103 98996 96% /usr > /dev/ad0s1e 99183 99068 -7819 109% /var > procfs 4 4 0 100% /proc > > And likewise this is what I get when I do du -sk * in /var: > > Lucretia# du -sk * > 1 account > 3 at > 9 backups > 2 crash > 2 cron > 562 db > 62 games > 1 heimdal > 489 log > 29 mail > 2 msgs > 1 preserve > 53 run > 1 rwho > 17 spool > 2 tmp > 20 yp > > ls -l in /var/log doesn't reveal anything of any real noticable > size ... so I'm getting kinda baffled. Again, if I find out I'm making > some stupid newbie mistake I won't be totally shocked since messing > with the logs and such is something I never really learned a great deal > about and, am right now as you can imagine kinda regretting since my > system is being weird and I seem to lack the level of comprehension > needed to figure it out. > > ANY thoughts on this would be apprechiated. > > -John > > > ----- Original Message ----- > From: "Jerry McAllister" <jerrymc@clunix.cl.msu.edu> > To: "J.M. Warenda" <warendaj@comcast.net> > Cc: "Jerry McAllister" <jerrymc@clunix.cl.msu.edu> > Sent: Thursday, November 14, 2002 11:23 AM > Subject: Re: I'm probably overlooking something really stupid but... > > > > > > > > Therein lay the problem, it's reporting like 1 meg of files ... > or > > > maybe I'm reading it wrong or something stupid *fears he may have a > > > "moment" here* ... df is reporting like 100 megs > > > > > > -John > > > > But you didn't say which files or show any 'df' or 'du' or 'ls -l' > output. > > It is imposible to guess what you are seeing - or maybenot > impossible, > > but I haven't honed any of my potential telepathic skills so am not > > able to pick up the waves. If it is a log file, did you try to > > look at the contents? > > > > ////jerry > > > --gAFJboT26771.1037389070/clunix.cl.msu.edu-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200211151940.gAFJeDc26781>