?
Solved

tallylog file

Posted on 2015-02-17
2
Medium Priority
?
3,939 Views
Last Modified: 2015-02-28
what is tallylog file?

How is it possible to have 52G? is it real size ?

[root@log]# df -h .

Filesystem            Size  Used Avail Use% Mounted on

/dev/mapper/vg00-var  4.0G  906M  2.9G  24% /var

[root@log]# ls -lh tallylog

-rw-------. 1 root root 52G Feb 17 12:20 tallylog

[root@log]# pwd

/var/log

[root@log]#
0
Comment
Question by:linuxperson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 14

Expert Comment

by:Mark Bullock
ID: 40615875
Some ways to find out what this is:

Use head or tail to read the first few lines or last few lines. Add the -### switch to read as many lines as you like.

The less command also allows you to look through large files quickly.

You can find out if a process has it open with the list open files command.
lsof tallylog

To keep the file size manageable you can roll this log file every day and delete or compress older files. The logrotate program can do this.
0
 
LVL 21

Accepted Solution

by:
tfewster earned 2000 total points
ID: 40616213
man pam_tally2:  tallylog is a log of (failed) logins and the pam_tally2 mechanism maintains a count of attempted accesses, can reset count on success, and can deny access if  too many attempts fail.

tallylog is a "sparse" file - the size is pre-allocated to reserve the space it thinks it may need, and if you have large UIDs (the numeric user ID), a lot of space is reserved. (If your UID is 1000000, space for uids 0-1000000 is reserved).

Most Linux utilities (e.g. du) report the actual space used correctly -

hostname:/var/log# ls -lh tallylog
-rw-------. 1 root root 626K Feb 10 15:13 tallylog
hostname:/var/log# du -sh tallylog
8.0K    tallylog

- but beware when backing up tallylog as some utilities may treat a sparse file incorrectly and fill in the "holes" with nulls.

A quick web-search for "tallylog sparse" brings up several useful references, such as
https://bugzilla.redhat.com/show_bug.cgi?id=771286

So, to use the classic line - It's not a bug, it's a feature!
0

Featured Post

Quick Start: DOCKER

Sometimes you just need a Quick Start on a topic in order to begin using it.. this is just what you need to know to get up and running with Docker!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The purpose of this article is to show how we can create Linux Mint virtual machine using Oracle Virtual Box. To install Linux Mint we have to download the ISO file from its website i.e. http://www.linuxmint.com. Once you open the link you will see …
The purpose of this article is to demonstrate how we can upgrade Python from version 2.7.6 to Python 2.7.10 on the Linux Mint operating system. I am using an Oracle Virtual Box where I have installed Linux Mint operating system version 17.2. Once yo…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Suggested Courses
Course of the Month9 days, 15 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question