Solved

tallylog file

Posted on 2015-02-17
2
3,291 Views
Last Modified: 2015-02-28
what is tallylog file?

How is it possible to have 52G? is it real size ?

[root@log]# df -h .

Filesystem            Size  Used Avail Use% Mounted on

/dev/mapper/vg00-var  4.0G  906M  2.9G  24% /var

[root@log]# ls -lh tallylog

-rw-------. 1 root root 52G Feb 17 12:20 tallylog

[root@log]# pwd

/var/log

[root@log]#
0
Comment
Question by:linuxperson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 13

Expert Comment

by:Mark Bullock
ID: 40615875
Some ways to find out what this is:

Use head or tail to read the first few lines or last few lines. Add the -### switch to read as many lines as you like.

The less command also allows you to look through large files quickly.

You can find out if a process has it open with the list open files command.
lsof tallylog

To keep the file size manageable you can roll this log file every day and delete or compress older files. The logrotate program can do this.
0
 
LVL 21

Accepted Solution

by:
tfewster earned 500 total points
ID: 40616213
man pam_tally2:  tallylog is a log of (failed) logins and the pam_tally2 mechanism maintains a count of attempted accesses, can reset count on success, and can deny access if  too many attempts fail.

tallylog is a "sparse" file - the size is pre-allocated to reserve the space it thinks it may need, and if you have large UIDs (the numeric user ID), a lot of space is reserved. (If your UID is 1000000, space for uids 0-1000000 is reserved).

Most Linux utilities (e.g. du) report the actual space used correctly -

hostname:/var/log# ls -lh tallylog
-rw-------. 1 root root 626K Feb 10 15:13 tallylog
hostname:/var/log# du -sh tallylog
8.0K    tallylog

- but beware when backing up tallylog as some utilities may treat a sparse file incorrectly and fill in the "holes" with nulls.

A quick web-search for "tallylog sparse" brings up several useful references, such as
https://bugzilla.redhat.com/show_bug.cgi?id=771286

So, to use the classic line - It's not a bug, it's a feature!
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

1. Introduction As many people are interested in Linux but not as many are interested or knowledgeable (enough) to install Linux on their system, here is a safe way to try out Linux on your existing (Windows) system. The idea is that you insta…
Fine Tune your automatic Updates for Ubuntu / Debian
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question