Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

tallylog file

Posted on 2015-02-17
2
Medium Priority
?
4,342 Views
Last Modified: 2015-02-28
what is tallylog file?

How is it possible to have 52G? is it real size ?

[root@log]# df -h .

Filesystem            Size  Used Avail Use% Mounted on

/dev/mapper/vg00-var  4.0G  906M  2.9G  24% /var

[root@log]# ls -lh tallylog

-rw-------. 1 root root 52G Feb 17 12:20 tallylog

[root@log]# pwd

/var/log

[root@log]#
0
Comment
Question by:linuxperson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 14

Expert Comment

by:Mark Bullock
ID: 40615875
Some ways to find out what this is:

Use head or tail to read the first few lines or last few lines. Add the -### switch to read as many lines as you like.

The less command also allows you to look through large files quickly.

You can find out if a process has it open with the list open files command.
lsof tallylog

To keep the file size manageable you can roll this log file every day and delete or compress older files. The logrotate program can do this.
0
 
LVL 21

Accepted Solution

by:
tfewster earned 2000 total points
ID: 40616213
man pam_tally2:  tallylog is a log of (failed) logins and the pam_tally2 mechanism maintains a count of attempted accesses, can reset count on success, and can deny access if  too many attempts fail.

tallylog is a "sparse" file - the size is pre-allocated to reserve the space it thinks it may need, and if you have large UIDs (the numeric user ID), a lot of space is reserved. (If your UID is 1000000, space for uids 0-1000000 is reserved).

Most Linux utilities (e.g. du) report the actual space used correctly -

hostname:/var/log# ls -lh tallylog
-rw-------. 1 root root 626K Feb 10 15:13 tallylog
hostname:/var/log# du -sh tallylog
8.0K    tallylog

- but beware when backing up tallylog as some utilities may treat a sparse file incorrectly and fill in the "holes" with nulls.

A quick web-search for "tallylog sparse" brings up several useful references, such as
https://bugzilla.redhat.com/show_bug.cgi?id=771286

So, to use the classic line - It's not a bug, it's a feature!
0

Featured Post

Enroll in October's Free Course of the Month

Do you work with and analyze data? Enroll in October's Course of the Month for 7+ hours of SQL training, allowing you to quickly and efficiently store or retrieve data. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses

596 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question