Solved

tallylog file

Posted on 2015-02-17
2
3,113 Views
Last Modified: 2015-02-28
what is tallylog file?

How is it possible to have 52G? is it real size ?

[root@log]# df -h .

Filesystem            Size  Used Avail Use% Mounted on

/dev/mapper/vg00-var  4.0G  906M  2.9G  24% /var

[root@log]# ls -lh tallylog

-rw-------. 1 root root 52G Feb 17 12:20 tallylog

[root@log]# pwd

/var/log

[root@log]#
0
Comment
Question by:linuxperson
2 Comments
 
LVL 13

Expert Comment

by:Mark Bullock
ID: 40615875
Some ways to find out what this is:

Use head or tail to read the first few lines or last few lines. Add the -### switch to read as many lines as you like.

The less command also allows you to look through large files quickly.

You can find out if a process has it open with the list open files command.
lsof tallylog

To keep the file size manageable you can roll this log file every day and delete or compress older files. The logrotate program can do this.
0
 
LVL 20

Accepted Solution

by:
tfewster earned 500 total points
ID: 40616213
man pam_tally2:  tallylog is a log of (failed) logins and the pam_tally2 mechanism maintains a count of attempted accesses, can reset count on success, and can deny access if  too many attempts fail.

tallylog is a "sparse" file - the size is pre-allocated to reserve the space it thinks it may need, and if you have large UIDs (the numeric user ID), a lot of space is reserved. (If your UID is 1000000, space for uids 0-1000000 is reserved).

Most Linux utilities (e.g. du) report the actual space used correctly -

hostname:/var/log# ls -lh tallylog
-rw-------. 1 root root 626K Feb 10 15:13 tallylog
hostname:/var/log# du -sh tallylog
8.0K    tallylog

- but beware when backing up tallylog as some utilities may treat a sparse file incorrectly and fill in the "holes" with nulls.

A quick web-search for "tallylog sparse" brings up several useful references, such as
https://bugzilla.redhat.com/show_bug.cgi?id=771286

So, to use the classic line - It's not a bug, it's a feature!
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
awk sed 8 65
CENTOS DHCP Server / PXE/TFTP 14 154
linux SFTP 8 60
EXCHANGE. LINUX, SYMANTEC MESSAGING GATEWAY 2 37
If you use Debian 6 Squeeze and you are tired of looking at the childish graphical GDM login screen that is used by default, here's an easy way to change it. If you've already tried to change it you've probably discovered that none of the old met…
I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question