Re: [expert] Deleting Logs
To truncate a log you could use > logfilename. This is the old 'create a 0 size file trick'. Applied to a log file it'll truncate the log to zero size but won't remove the log so any logging routines will continue to work. If you rm a log file some loggers esp. in other unix's give up and stop logging rather than re-creating the log. Regarding "what have logs got to do with security". If you regularly examine the logs for signs of faults or unusual behaviour (looking for open stable doors) that information is lost once the log is truncated. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Deleting Logs
On Mon, 18 Feb 2002 13:47, Nguyen Hung.Takeshi wrote: > pesarif wrote: > > On Sun, 17 Feb 2002 12:25, dfox wrote: > >>>My /var/log folder is getting fairly big (10 MB) and its growing quickly > >>>(this computer has only 660MB for Linux :( ). > >> > >>How fast is it filling up? How much is it going to be tomorrow, or > >>next week? > > > > Not very fast: I'd estimate about 100K a day. > > > >>/var should really be on a separate partition. That's not always > >>possible, of course. > > > > I agree but with only 660MB for Linux... :( > > > >>>My question is: is it safe to regularly delete logs (using just the rm > >>>command) or is there a "correct" way to do it? > >> > >>Well, the safe way is to kill -HUP the programs that are generating the > >>logs, rm (or trim) the logs, and then restart the logging programs. > >> That's basically what logrotate does. > > > > So I can safely delete _anything_ in /var/log? > > This is the thing that I'm really concerned about: Will I break anything > > by deleting? > > > >>Removing the logs is possible, but you might want to see what's in there > >>from time to time (otherwise, why bother to log?) so it's usually better > >>to trim them. So for instance if your logs are over a month old, you > >> could edit out all entries for December and/or January. > > > > I only need to look at the logs for the last 24 hours (it's not connected > > to the internet but is a LAN telnet, ftp, ssh and mail server :)). > > For a word, you can delete the logs if dont consider security . By the > way, your hdd is only 660MB in ONE partition. What happens when your > machine crashed ? Linux never crashes :) I reinstall if that happens but what do logs have to do with security? Thanks, pesarif Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Deleting Logs
On Sun, 17 Feb 2002, pesarif wrote:
> > > > My /var/log folder is getting fairly big (10 MB) and its growing
> > > > quickly (this computer has only 660MB for Linux :( ).
[snip]
> > That said, logrotate is the best way to do this, since it archives a
> > copy of your logs if needed. Which logs are you having throuble with?
> Just generally all of them because there isn't enough disk space.
>
You've probably tried these, but here are some other places that I clean
up:
/var/cache/urpmi -- contains update RPMs that, once installed, can be
deleted
/var/log/ -- if you really don't care about some logs, you can symlink
them to /dev/null. I don't recommend this though...
/var/spool/mail -- check for large mail accounts
/usr/lib/modules -- contains your kernel modules; if you've updated the
kernel and don't foresee dropping back to an old version, you can delete
the old modules directories
/usr/src/ -- can contain old versions of the kernel source tree
/usr/src/RPM/SOURCES -- if you build source RPMs, the sources appear
here and can be deleted once the binaries are built
/usr/src/RPM/RPMS -- subdirectories contain the binary RPMs
/tmp -- old ssh session files, other cruft
Other audits:
find / -size +1 -type f -exec ls -l {} \;|sort -k5 -n >bigFiles
Lists the largest files on your disk
find / -name "*.tmp" -type f
Repeat for *.log/old/rpmsave etc..
find / -name core -type f
Look for files that are coredumps. Do not delete your kcore files.
rpm -qa
Look for unneeded packages such as unneeded window managers,
applications that are never used, backgrounds, etc..
You probably don't need lots of devel packages if you don't often
build from source, etc..
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
Re: [expert] Deleting Logs
pesarif wrote: > On Sun, 17 Feb 2002 12:25, dfox wrote: > >>>My /var/log folder is getting fairly big (10 MB) and its growing quickly >>>(this computer has only 660MB for Linux :( ). >>> >>How fast is it filling up? How much is it going to be tomorrow, or >>next week? >> >> > Not very fast: I'd estimate about 100K a day. > > >>/var should really be on a separate partition. That's not always >>possible, of course. >> >> > I agree but with only 660MB for Linux... :( > > >>>My question is: is it safe to regularly delete logs (using just the rm >>>command) or is there a "correct" way to do it? >>> >>Well, the safe way is to kill -HUP the programs that are generating the >>logs, rm (or trim) the logs, and then restart the logging programs. That's >>basically what logrotate does. >> >> > So I can safely delete _anything_ in /var/log? > This is the thing that I'm really concerned about: Will I break anything by > deleting? > > >>Removing the logs is possible, but you might want to see what's in there >>from time to time (otherwise, why bother to log?) so it's usually better >>to trim them. So for instance if your logs are over a month old, you could >>edit out all entries for December and/or January. >> > I only need to look at the logs for the last 24 hours (it's not connected to > the internet but is a LAN telnet, ftp, ssh and mail server :)). > For a word, you can delete the logs if dont consider security . By the way, your hdd is only 660MB in ONE partition. What happens when your machine crashed ? -- Takeshi's small space http://donganh16.tk/ Join KDE-i18n-Vi? http://vi.i18n.kde.org VYSA: http://vysasports.vngate.net/ Vietlug: http://vietlug.sourceforge.net 9:10pm up 8:06, 4 users, load average: 0.33, 0.20, 0.11 Money cannot buy love, nor even friendship. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Deleting Logs
On Sun, 17 Feb 2002 00:04, [EMAIL PROTECTED] wrote: > On Sat, 16 Feb 2002, Nguyen Hung.Takeshi wrote: > > pesarif wrote: > > > Hello, > > > > > > My /var/log folder is getting fairly big (10 MB) and its growing > > > quickly (this computer has only 660MB for Linux :( ). > > > > > > My question is: is it safe to regularly delete logs (using just the rm > > > command) or is there a "correct" way to do it? > > > > > > Surely, there is a special program to do this (that's more > > > user-friendly than logrotate)? > > > > Sure, you can create a cron job run every day to delete them: > > > > for example > > > > man crontab > > rm -rf /var/log/cron* > > echo "" > /var/log/cron > > rm -rf /var/log/messages.* > > echo "" > /var/log/messages > > > > To the OP: > Using the echo as in the example above is a good idea. Lots of problems > can be caused by just doing an rm. > > That said, logrotate is the best way to do this, since it archives a > copy of your logs if needed. Which logs are you having throuble with? Just generally all of them because there isn't enough disk space. Thanks, pesarif Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Deleting Logs
On Sun, 17 Feb 2002 12:25, dfox wrote: > > My /var/log folder is getting fairly big (10 MB) and its growing quickly > > (this computer has only 660MB for Linux :( ). > > How fast is it filling up? How much is it going to be tomorrow, or > next week? > Not very fast: I'd estimate about 100K a day. > /var should really be on a separate partition. That's not always > possible, of course. > I agree but with only 660MB for Linux... :( > > My question is: is it safe to regularly delete logs (using just the rm > > command) or is there a "correct" way to do it? > > Well, the safe way is to kill -HUP the programs that are generating the > logs, rm (or trim) the logs, and then restart the logging programs. That's > basically what logrotate does. > So I can safely delete _anything_ in /var/log? This is the thing that I'm really concerned about: Will I break anything by deleting? > Removing the logs is possible, but you might want to see what's in there > from time to time (otherwise, why bother to log?) so it's usually better > to trim them. So for instance if your logs are over a month old, you could > edit out all entries for December and/or January. I only need to look at the logs for the last 24 hours (it's not connected to the internet but is a LAN telnet, ftp, ssh and mail server :)). Thanks, pesarif Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Deleting Logs
> My /var/log folder is getting fairly big (10 MB) and its growing quickly > (this computer has only 660MB for Linux :( ). How fast is it filling up? How much is it going to be tomorrow, or next week? /var should really be on a separate partition. That's not always possible, of course. > My question is: is it safe to regularly delete logs (using just the rm > command) or is there a "correct" way to do it? Well, the safe way is to kill -HUP the programs that are generating the logs, rm (or trim) the logs, and then restart the logging programs. That's basically what logrotate does. Removing the logs is possible, but you might want to see what's in there from time to time (otherwise, why bother to log?) so it's usually better to trim them. So for instance if your logs are over a month old, you could edit out all entries for December and/or January. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Deleting Logs
On Sat, 16 Feb 2002, Nguyen Hung.Takeshi wrote: > pesarif wrote: > > > Hello, > > > > My /var/log folder is getting fairly big (10 MB) and its growing quickly > > (this computer has only 660MB for Linux :( ). > > > > My question is: is it safe to regularly delete logs (using just the rm > > command) or is there a "correct" way to do it? > > > > Surely, there is a special program to do this (that's more user-friendly than > > logrotate)? > > > > > Sure, you can create a cron job run every day to delete them: > > for example > > man crontab > rm -rf /var/log/cron* > echo "" > /var/log/cron > rm -rf /var/log/messages.* > echo "" > /var/log/messages > > To the OP: Using the echo as in the example above is a good idea. Lots of problems can be caused by just doing an rm. That said, logrotate is the best way to do this, since it archives a copy of your logs if needed. Which logs are you having throuble with? Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Deleting Logs
pesarif wrote: > Hello, > > My /var/log folder is getting fairly big (10 MB) and its growing quickly > (this computer has only 660MB for Linux :( ). > > My question is: is it safe to regularly delete logs (using just the rm > command) or is there a "correct" way to do it? > > Surely, there is a special program to do this (that's more user-friendly than > logrotate)? > Sure, you can create a cron job run every day to delete them: for example man crontab rm -rf /var/log/cron* echo "" > /var/log/cron rm -rf /var/log/messages.* echo "" > /var/log/messages -- Takeshi's small space http://donganh16.tk/ Join KDE-i18n-Vi? http://vi.i18n.kde.org VYSA: http://vysasports.vngate.net/ Vietlug: http://vietlug.sourceforge.net Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] Deleting Logs
Hello, My /var/log folder is getting fairly big (10 MB) and its growing quickly (this computer has only 660MB for Linux :( ). My question is: is it safe to regularly delete logs (using just the rm command) or is there a "correct" way to do it? Surely, there is a special program to do this (that's more user-friendly than logrotate)? Thanks, pesarif Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
