My system is fully slink. Today I had to investigate why the root partition on my computer was full. I think I found part of the reason: my /var/log directory contains 18.5 Mb of files!!!

-rw-r--r-- 1 root     adm      7687296 Aug 30 18:16 wtmp
-rw-r--r-- 1 postgres postgres 1877347 Aug 30 04:00 postgres.log
-rw------- 1 root     adm      1536024 Aug 30 18:15 faillog
-rw-r----- 1 root     adm      1194882 Aug 29 07:01 auth.log.0
-rw------- 1 root     adm       781802 Aug 30 06:35 setuid.today
-rw------- 1 root     adm       781802 Aug 29 06:35 setuid.yesterday
-rw-r----- 1 root     adm       482172 Aug 30 18:16 auth.log
-rw-r--r-- 1 root     root      322952 Aug 30 18:15 lastlog
-rw-r----- 1 root     adm       236130 Aug 29 06:47 mail.info.0

wtmp: I don't understand why it should be so large for 294 entries:

snoopy# last | wc
294 2788 22522

That's 26kb per entry!!! Really??? If this really is the case, please tell me why each record is so large...

faillog: same as above.

postgres.log: I suspect this is large because I had DEBUG level 1 enabled. Now disabled. :-)

auth.log: contains lots of messages like:

Aug 29 07:02:22 snoopy mgetty[25924]: init chat failed, exiting...: Interrupted system call
Aug 29 07:02:22 snoopy mgetty[25924]: failed in mg_init_data, dev=ttyS3, pid=25924

This raises two questions:

(1) Why do mgetty and ppp messages go into auth.log? ppp messages used to go to ppp.log. The change in ppp.log has confused me on a number of occasions, where my PPP link is down, but ppp.log doesn't have any new messages. I haven't changed my /etc/syslog.conf in any way apart from upgrading when it has been changed by the upstream author.

(2) Is it possible to have mgetty die silently if the modem is not attached?

setuid files are large because I have NFS root images. Any suggestions to limit the size? (I tend to think a number of files mentioned aren't really security issues, e.g. programs that are setgid games.)

Any comments for any of the above??

Thanks in advance.

--
Brian May <[EMAIL PROTECTED]>