Solved

tallylog file

Posted on 2015-02-17
2
3,630 Views
Last Modified: 2015-02-28
what is tallylog file?

How is it possible to have 52G? is it real size ?

[root@log]# df -h .

Filesystem            Size  Used Avail Use% Mounted on

/dev/mapper/vg00-var  4.0G  906M  2.9G  24% /var

[root@log]# ls -lh tallylog

-rw-------. 1 root root 52G Feb 17 12:20 tallylog

[root@log]# pwd

/var/log

[root@log]#
0
Comment
Question by:linuxperson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 13

Expert Comment

by:Mark Bullock
ID: 40615875
Some ways to find out what this is:

Use head or tail to read the first few lines or last few lines. Add the -### switch to read as many lines as you like.

The less command also allows you to look through large files quickly.

You can find out if a process has it open with the list open files command.
lsof tallylog

To keep the file size manageable you can roll this log file every day and delete or compress older files. The logrotate program can do this.
0
 
LVL 21

Accepted Solution

by:
tfewster earned 500 total points
ID: 40616213
man pam_tally2:  tallylog is a log of (failed) logins and the pam_tally2 mechanism maintains a count of attempted accesses, can reset count on success, and can deny access if  too many attempts fail.

tallylog is a "sparse" file - the size is pre-allocated to reserve the space it thinks it may need, and if you have large UIDs (the numeric user ID), a lot of space is reserved. (If your UID is 1000000, space for uids 0-1000000 is reserved).

Most Linux utilities (e.g. du) report the actual space used correctly -

hostname:/var/log# ls -lh tallylog
-rw-------. 1 root root 626K Feb 10 15:13 tallylog
hostname:/var/log# du -sh tallylog
8.0K    tallylog

- but beware when backing up tallylog as some utilities may treat a sparse file incorrectly and fill in the "holes" with nulls.

A quick web-search for "tallylog sparse" brings up several useful references, such as
https://bugzilla.redhat.com/show_bug.cgi?id=771286

So, to use the classic line - It's not a bug, it's a feature!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The purpose of this article is to demonstrate how we can upgrade Python from version 2.7.6 to Python 2.7.10 on the Linux Mint operating system. I am using an Oracle Virtual Box where I have installed Linux Mint operating system version 17.2. Once yo…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question