Can I delete all the Linux log files or some of them? They are consuming a lot of disk space

Hi,

Just wondering if it's safe to delete some or all of the log files? Maybe back them up? They are consuming a lot of disk space on my VPS.

Should I be running some script to only save the latest logs from the server and limit the log files? If so, how do I do that?

I'm on Centos 5.9.

I ran this:

 du -a /var | sort -n -r | head -n 10
... (meaning there were a bunch of permission denied directories)
du: cannot read directory `/var/empty/sshd': Permission denied
du: cannot read directory `/var/lib/mysql': Permission denied
du: cannot read directory `/var/lib/dav': Permission denied
du: cannot read directory `/var/lib/dovecot': Permission denied
du: cannot read directory `/var/lib/mlocate': Permission denied
du: cannot read directory `/var/lib/pgsql': Permission denied
5990632 /var
2745120 /var/log
2579472 /var/spool
2579428 /var/spool/repackage
1711924 /var/log/brcm-iscsi.log
808244  /var/log/btmp
417972  /var/lib
200108  /var/log/chkservd.log
182264  /var/cpanel
118796  /var/cpanel/perl

Open in new window



Thank you<><
Victor
Victor KimuraSEO, Web DeveloperAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Nick UpsonPrincipal Operations EngineerCommented:
you should have logrotate running, that will rotate the logs and remove them depending upon its configuration. that way you have the most recent logs only
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Naranthiran DSystem AdministratorCommented:
The user does not have full rights to access the directory or the file.

Run the command with administrative privilege(root) it should work fine..
0
serialbandCommented:
Your logrotate should also have been set to compress the files.  I would suggest you peruse them to see why they're so big.  Unless you run a very active server, your logs should not be   You might have a problem that's filling the logs with information that you should be aware of.

Also, your /var/spool/repackage is quite large.  Try yum clean all  to remove them.  You don't need to keep yum packages around forever after you've updated.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

gheistCommented:
I would be more worried about what hides in /var/spool
If you have *ANY* log rotation package installed, it is fairly likely it chops logs weekly and keeps some old logs around, so they dont grow to the sky.

Before deleting run lsof /vat/log/whatever.log - you will need to restart process that keeps log open before deleting.
It is much safer to truncate logs:
:>whatever.log
0
serialbandCommented:
Your /var/log/brcm-iscsi.log seem big too.  Do you have lots of iSCSI error messages.  Maybe it isn't be rotated and you have too many old entries.  I suggest clearing that out.
0
Victor KimuraSEO, Web DeveloperAuthor Commented:
Hi all,

Thanks for all the feedback. Can you tell me what you fellows have for your log configuration? What commands do I use or scripts to rotate logs properly?

@gheist, you mentioned a log rotation pacakge. Which one? Command(s) to run? Still new to the linux admin stuff a bit.
@gheist, you mentioned before I delete any logs then I would need to restart a process? What process? What command(s) before deleting?

@serilalband mentioned run yum clean all. Any other commands suggested?

Thank you.
0
Nick UpsonPrincipal Operations EngineerCommented:
check you have a package called logrotate installed, if you do check its called from cron
0
serialbandCommented:
Have you run yum clean all?  Did /var/spool/repackage empty out?  If not, you could just remove the rpms in there if you aren't actively running an update.  You don't need to keep them after the update.  Have you cleared out your /var/log/brcm-iscsi.log file yet?    Those 2 combined are more than 2/3 of the space in /var

You can worry about the logrotate after you clear those out first.  Logrotate should be on Linux/BSD/OSX now and enable by default.  You can easily tell that you have it if you have logs followed by numbers and/or gz.

For example:
ls syslog*
syslog      syslog.1  syslog.2.gz  syslog.3.gz  syslog.4.gz  syslog.5.gz  syslog.6.gz  syslog.7.gz
0
Victor KimuraSEO, Web DeveloperAuthor Commented:
@serialband, ok. I just deleted all the *.rpm files in the /var/spool/repackage. Also deleted /var/log/brcm-iscsi.log.

I have WHM/cPanel. Are there any know problems/issues with running yum clean all?

---
Ok, thanks, NickUpson. Just reading this on the logrotate:
http://articles.slicehost.com/2010/6/30/understanding-logrotate-on-centos-part-1

I have this in the /var folder re. disk usage:
root@ip-184-168-116-73 [/var/log]# du -a /var | sort -n -r | head -n 10         28511228        /var
27194204        /var/lib
26739776        /var/lib/mysql
1049608 /var/lib/mysql/mysql-bin.000024
1049608 /var/lib/mysql/mysql-bin.000022
1049608 /var/lib/mysql/mysql-bin.000021
1049608 /var/lib/mysql/mysql-bin.000020
1049608 /var/lib/mysql/mysql-bin.000019
1049608 /var/lib/mysql/mysql-bin.000018
1049608 /var/lib/mysql/mysql-bin.000017

Open in new window


Should I delete the files like /var/lib/mysql/mysql-bin.000024, etc?

Looks like I have logrotate.
cd /etc/cron.daily
root@ip-184-168-116-73 [/etc/cron.daily]# ls -al
total 36
drwxr-xr-x  2 root root  4096 Oct 11  2013 ./
drwxr-xr-x 80 root root 12288 Sep 25 17:45 ../
-rwxr-xr-x  1 root root   180 Jun  4  2012 logrotate*
-rwxr-xr-x  1 root root   418 May 30  2012 makewhatis.cron*
-rw-r--r--  1 root root   137 Jul  6  2011 mlocate.cron
-rwxr-xr-x  1 root root   296 Feb 25  2013 rpm*
-rwxr-xr-x  1 root root   354 Aug 11  2010 tmpwatch*
root@ip-184-168-116-73 [/etc/cron.daily]#

Open in new window

0
Victor KimuraSEO, Web DeveloperAuthor Commented:
My logrotate config settings. Does it look ok? Should I change or add anything in this config file? Considering I had massive logs I would think so but not quite sure what to add.

cd /etc/cron.daily
root@ip-184-168-116-73 [/etc/cron.daily]# ls -al
total 36
drwxr-xr-x  2 root root  4096 Oct 11  2013 ./
drwxr-xr-x 80 root root 12288 Sep 25 17:45 ../
-rwxr-xr-x  1 root root   180 Jun  4  2012 logrotate*
-rwxr-xr-x  1 root root   418 May 30  2012 makewhatis.cron*
-rw-r--r--  1 root root   137 Jul  6  2011 mlocate.cron
-rwxr-xr-x  1 root root   296 Feb 25  2013 rpm*
-rwxr-xr-x  1 root root   354 Aug 11  2010 tmpwatch*
root@ip-184-168-116-73 [/etc/cron.daily]# cat logrotate
#!/bin/sh

/usr/sbin/logrotate /etc/logrotate.conf
EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
    /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
fi
exit 0
root@ip-184-168-116-73 [/etc/cron.daily]# cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files daily
daily

# keep 14 days worth of backlogs
rotate 14

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    minsize 1M
    create 0664 root utmp
    rotate 1
}

# system-specific logs may be also be configured here.
root@ip-184-168-116-73 [/etc/cron.daily]#

Open in new window

0
gheistCommented:
No, it seems rotating logs.
What is written in that bcrm-iscsi log ?
Is it mentioned anywhere in /etc/logrotate.conf /etc/logrotate.d/*.conf
If not - truncate it.
0
Nick UpsonPrincipal Operations EngineerCommented:
if you don't want them reducing this might suit you

# keep 14 days worth of backlogs
rotate 14
0
Victor KimuraSEO, Web DeveloperAuthor Commented:
@gheist, I deleted the bcrm-iscsi log. Don't know what it was. I backed it up though in case I need it. It's not mentioned in the the /etc/logrotate.conf nor the /etc/logrotate.d/*.conf

@NickUpson, the rotate 14 seems to be set already.

I have WHM/cPanel. Are there any know problems/issues with running yum clean all?

Should I delete the files like /var/lib/mysql/mysql-bin.000024, etc?
0
gheistCommented:
Mistake Mistake Mistake
You deleted it and now some process continues to write deleted inode.
check with lsof +L1 and restart it correctly.

No you should not delete any database data files.

There are no problems running "yum clean all". Only effect is that it will download updates next time you run it.
0
serialbandCommented:
iscsi is SCSI connection over ethernet.  It's probably a log of your RAID.  You should read your logs first before attempting to delete them.  As gheist said, the process is still writing to the iNode.  You need to stop the process that's holding the file open before you can delete it properly.  You now have an "invisible" file that's still being written to.

Don't just delete log files.  At least find out what's in them to make them so large.  Otherwise, why even bother having them.


yum clean all cleans out the cruft left behind by yum when it updates or installs files.  There's no problem running that.  It's the only "safe" thing you can do.  yum downloads updates each time it runs.

DO NOT DELETE your MySQL files.  You'll corrupt your database.
0
Nick UpsonPrincipal Operations EngineerCommented:
I'm suggesting you consider changing the 14 to something less
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.