Good evening. I just got off an outage call where a system went down because it’s /dev/mapper/SangomaVG-root partition was at 100% Come to find out, the log files are what burned up all the space.
Is there not something built-in that clears old logs? Obviously I deleted the files and restarted the system and am now back down to 17% used partition space, but I would have thought there was a routine that ran to keep that log folder tidy.
Thanks.
Which distro version?
Oops, yeah that would have been helpful. FPBX14
This is not the distro version, you can find the distro version under system admin.
All I see is this (below):
PBX Firmware:
12.7.5-1807-1.sng7PBX Service Pack:
1.0.0.0
You are running the 12.7 distro where logs are rotated and purged regularly. What files did you need to delete?
In the /var/log/asterisk directory, there were gigs of rotated logs from:
Fail2Ban
Full (assuming this is full asterisk logging)
I feel like there were a couple other, but I had already cleared them. I looked in another system to get these, and have attached a screenshot, as that one seems to be doing something similar. What’s odd is, look at the Fail2Ban log - it’s like there are several versions of it (like, when initially installed, then when the server was renamed, etc.).
Have you looked at the logs to see what they are filling up with? Do you have a firewall enabled or is traffic to 5060 wide open to the public Internet?
That log file stores authentication attempts that are evaluated by fail2ban for blocking intrusion attempts, which means something is authenticating an awful lot to cause the logs to grow that large.
While it could be an outside intrusion attempt, it could also be something internal, like something connecting to AMI an insane amount of times, or a ton of phones re-registering at incredibly short intervals, etc.
So a couple of things here. There was a bug in SNG7 with this in sysadmin-rpm that was fixed recently. Then you’d need to basically reinstall framework,core,zulu and restapps for it to apply.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.
