
Auditd Fills Up Var Partition

Created by dave. Last edited by dave, 12 years and 99 days ago. Viewed 8,225 times. #2

/Var Partition filled

Red Hat Enterprise Linux 3 contains the auditd package, which logs many things in its own format. For some reason it never rotates these logs, which means they can grow until they fill the /var filesystem.

These files are stored in /var/log/audit.d and can be deleted at any time.
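The cleanup described above can be scripted so that the logs are trimmed instead of being wiped by hand. This is an added example, not part of the original note: the function names and the byte cap are hypothetical, and it assumes log file names contain no newlines and that the newest file is the one the daemon still has open, so that file is always kept.

```shell
#!/bin/sh
# Added example (not from the original note): remove the oldest files in a
# log directory until the directory is at or below a size cap.

# dir_bytes DIR: print the summed size in bytes of the regular files in DIR.
dir_bytes() {
    total=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        size=$(wc -c < "$f")
        total=$((total + size))
    done
    echo "$total"
}

# prune_audit_logs DIR MAX_BYTES: delete files oldest-first until the total
# is <= MAX_BYTES, never touching the newest file. Prints the number of
# files removed; returns 1 if DIR is not a directory.
prune_audit_logs() {
    dir=$1
    max=$2
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    # Assumption: file names contain no newlines, so ls output can be read
    # one name per line.
    newest=$(ls -t "$dir" | head -n 1)
    ls -tr "$dir" | {
        removed=0
        while IFS= read -r name; do
            [ -f "$dir/$name" ] || continue
            # Space held by a file the daemon still has open is not freed
            # by unlinking it, so stop before the newest file.
            [ "$name" = "$newest" ] && break
            [ "$(dir_bytes "$dir")" -le "$max" ] && break
            rm -f -- "$dir/$name" && removed=$((removed + 1))
        done
        echo "$removed"
    }
}

# Example invocation (the 500 MB cap is an assumption):
#   prune_audit_logs /var/log/audit.d 524288000
```

Run from cron as root, this keeps auditing enabled while bounding how much of /var the logs can take.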

The longer-term fix is to turn off auditd completely:

# chkconfig auditd off
# service auditd stop

Note that due to dependencies you cannot remove the auditd package. Bummer.

This note is known valid for:

  • RHEL 3 WS U4

Update, 1111.29: Hopefully nobody still has RHEL3 kicking around. But for those of you unfortunate enough to be like me, I had to do it this way:

# chkconfig audit off
# service audit stop

I'm not sure if this was a typo on my part or if different revs of RHEL3 had different names for the service; so I record this for posterity (and for me when I need it again in a year).
This is a collection of technical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.