GEMCC
asked on
Linux system hard drive suddenly fills up.
Hello,
I have a Linux box running as a router/firewall/Xeams firewall. It has 146GB drive. Up until about 2 weeks ago about 20GB was being used consistently. All of the sudden the hard drive is getting full. Xeams told me to run du -h . in the directory where Xeams is installed. I do not see anything that is unusually large.
Please advise.
Have a great day,
Don
I have a Linux box running as a router/firewall/Xeams firewall. It has 146GB drive. Up until about 2 weeks ago about 20GB was being used consistently. All of the sudden the hard drive is getting full. Xeams told me to run du -h . in the directory where Xeams is installed. I do not see anything that is unusually large.
Please advise.
Have a great day,
Don
Are you in a command line environment, or is a GUI desktop available?
ASKER
Command. I ran df -h and see /dev/md1 is utilizing 139GB but do not know what to do.
OK. You will need to su to get reliable results.
Use the command "du -h 1" to print the disk usage for the directory you are in and those one level down. On the left is the space taken up, on the right is the directory name. Here is an example from my system.
We see that the majority of the space, 1.5 GB, is under /usr. Now begin a tedious process of going down one level, looking at that level, deciding if it is where the disk went, and repeating until eventually the location of the disk loss is found.
This is mostly system stuff with the exception of /local. Back up one level, look at /var. And so on.
I would start by looking in /var. Logfiles can become enormous very rapidly.
Use the command "du -h 1" to print the disk usage for the directory you are in and those one level down. On the left is the space taken up, on the right is the directory name. Here is an example from my system.
root@www:/# cd /
root@www:/# du -h -d 1
6.0M ./bin
4.7M ./sbin
4.0K ./media
4.0K ./srv
92M ./lib
4.0K ./opt
310M ./var
804K ./home
0 ./dev
8.0K ./mnt
16K ./lost+found
1.5G ./usr
34M ./boot
48K ./root
59M ./www
3.0M ./etc
1012K ./run
0 ./tmp
0 ./proc
0 ./sys
2.0G .We see that the majority of the space, 1.5 GB, is under /usr. Now begin a tedious process of going down one level, looking at that level, deciding if it is where the disk went, and repeating until eventually the location of the disk loss is found.
root@www:/# cd /usr
root@www:/usr# du -h -d 1
37M ./bin
15M ./sbin
179M ./lib
28M ./local
190M ./share
4.0K ./games
984M ./src
22M ./include
30M ./libexec
1.5G .This is mostly system stuff with the exception of /local. Back up one level, look at /var. And so on.
I would start by looking in /var. Logfiles can become enormous very rapidly.
What distro is it based on? are you running updates and not removing old kernel versions?
Xeams firewall seems to dump junk mails into the Quarantine, so if you get plenty of junk that would fill that up. So I'd suggest you check the Xeams firewall Quarantine settings.
Xeams firewall seems to dump junk mails into the Quarantine, so if you get plenty of junk that would fill that up. So I'd suggest you check the Xeams firewall Quarantine settings.
df -k
How your partitioned, the likely issue is that your logrotate did not sever the connection between a process and a LogFile into which it was writing, so while du does not reflect the space used, the file handle being active still reflects that space as in use.
You need to use lsof to locate a process attached to a large file. Restarting that process will release the space.
We're any changes made two to three weeks prior I.e. Logging firewall events, implementation of fail2ban?
How your partitioned, the likely issue is that your logrotate did not sever the connection between a process and a LogFile into which it was writing, so while du does not reflect the space used, the file handle being active still reflects that space as in use.
You need to use lsof to locate a process attached to a large file. Restarting that process will release the space.
We're any changes made two to three weeks prior I.e. Logging firewall events, implementation of fail2ban?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Issue resolved