My backup team reported that the backups are failed. And on investigation I found /var/log/lastlog is very huge in size but file system usage is normal in "df" output. And even "du" command also shows normal in size.
I found this information from redhat.
This file is what we call a sparse file. A sparse file is a file that contains unallocated blocks or "empty space", as it implies, it does not actually take up filesystem space. To test this theory, execute the following command:
root@server1.nyc.us:/var/log # ls -l /var/log/lastlog
-rw-r--r-- 1 root tty 459561084068 Jul 1 13:05 /var/log/lastlog
root@server1.nyc.us:/var/log # du -sh /var/log/lastlog
23M /var/log/lastlog
See the ls -l output, which shows huge size. The fix which they have suggested is to copy/move the file to some other place, because the copying will clear the unallocated blocks. But I found the copy is taking more time. So I decided to to clear the file after stopping the syslog service.
The commands are below.
## Stop the syslog service ##
## (try the command according to your distribution) ##
service rsyslog stop
or
rcsyslog stop
or
systemctl stop rsyslog.service
# Clear the file #
> /var/log/lastlog
## Start the syslog service ##
service rsyslog start
or
rcsyslog start
or
systemctl start rsyslog.service
Comments
Post a Comment