Koozali.org: home of the SME Server

Large log file caused some problems

Offline funkusmunkus

  • *
  • 220
  • +0/-0
Large log file caused some problems
« on: May 05, 2006, 04:18:10 AM »
Hi all,

I was trying to check the log files this morning as I normally do, but it was stuck at loading the "View log files" page.
I jumped on good old putty, and had a look at top, and saw "perl5.6.1" eating up 98%-99.9% on one cpu, and that logrotate was eating up about 30-40% of the other, and thought I should check the "/var/log/" and saw that the latest messages file:messages.20060501011204 was well over 250MB in size, so first of all I killed the logrotate process, and then I copied the large messages file to another location, and deleted that one, thinking that it's the problem, and then recreated an empty "messages.20060501011204" file and linked it to messages.
Now when I try to view log files, perl5.6.1 jumps up again to 99.9% CPU usage, and after 2-3 min's it loads the "view log files" page, then perl5.6.1 drops back to normal (i'm not sure if it normally did that, but it does take a long time to load that page), and when I try to view the messages log file, it comes up empty, which makes me think that nothing is writing to it.
So I was hoping for a hero that would tell me exactly where I went wrong, and what I could do to solve it :-)

Thanks in advance
.........

Offline funkusmunkus

  • *
  • 220
  • +0/-0
Large log file caused some problems
« Reply #1 on: May 05, 2006, 04:26:15 AM »
Ok I just saw this http://no.longer.valid/news/article.php?storyid=103
The security article related to hord.

I disabled it, and I’ll just do some auditing
.........

Offline funkusmunkus

  • *
  • 220
  • +0/-0
Large log file caused some problems
« Reply #2 on: May 05, 2006, 07:27:57 AM »
well I'm running horde-2.2.5-1dm, and tried updating using yum, and got back "horde is installed and the latest version." so I'm in the clear if I understand this http://no.longer.valid/news/article.php?storyid=103 correctly?? it doesn't affect people who haven't upgraded to horde 3, and stuck with stock standard horde with SME 6.0.1 ??
but from my original problem, my messages logfile is still empty
Code: [Select]

lrwxrwxrwx    1 root     root           23 May  1 01:12 messages -> messages.20060501011204
-rw-------    1 root     root       926875 Mar 29 01:12 messages.20060322011204
-rw-------    1 root     admin      283325 Apr  1 01:12 messages.20060329011206
-rw-------    1 root     admin      250606 Apr  8 01:12 messages.20060401011203
-rw-------    1 root     admin      373192 Apr 15 01:12 messages.20060408011204
-rw-------    1 root     admin      865527 Apr 22 01:12 messages.20060415011204
-rw-------    1 root     admin    15192432 Apr 29 01:12 messages.20060422011204
-rw-------    1 root     admin    24007509 May  1 01:12 messages.20060429011203
-rw-------    1 root     root            0 May  5 11:28 messages.20060501011204

that's what the permissions look like, I went through a few logs and have come up empty handed, I disabled horde anyway just in case.

Yeah so can anyone shed some light ?? pretty please???
.........

Offline funkusmunkus

  • *
  • 220
  • +0/-0
Large log file caused some problems
« Reply #3 on: May 09, 2006, 07:33:19 AM »
it was ACID/SNORT after all, I'm not sure what it did, but I unintalled it, and was still having the problem, then I deleted the logfile folder it created in /var/log/ and right away everything was back to normal.
though my current messages logfile is still very big, but i'm sure logrotate will sort it out next week.

cheers
.........