Logs Fill Up CSA

Version 8

    Verified Product Versions

    LANDESK Management Suite 9.5LANDESK Management Suite 9.6LANDESK Management Suite 2016.x

    NOTE: The settings recommended in the config file are not static. Depending on how much traffic your CSA sees you may need to adjust the size and retention

     

    Problem:

    Unable to login to CSA. Repeatedly get the login prompt through the GUI, even though credentials are good. Get the 403 Forbidden error when logging into the CSA.

     

    To confirm this is a problem login to the CSA via SSH then run the command> df -h

    In the below output you can see the Use%. If any partition is 100% this is the problem.

     

     

         [admin@glados ~]$ df -h

         Filesystem            Size  Used Avail Use% Mounted on

         /dev/mapper/vg_ldcsa-lv_root

                                42G  1.9G   38G   5% /

         tmpfs                 3.9G     0  3.9G   0% /dev/shm

         /dev/sda1             485M   33M  427M   8% /boot

     

     

    Resolution:

     

    First:

    Remove the logs filling up the drive space

    cd /var/log

    rm messages* -f

     

    Second:

     

    create a file named 'messages' and place it in /etc/logrotate.d/ with this content:

    /var/log/messages {

      compress

      copytruncate

      size 10M

      rotate 10

      notifempty

      endscript

    }

     

    *script can be modified in either the file size or the number of logs to keep.

     

    OR

    Copy this file with WinSCP or FileZilla to root /etc/logrotate.d/

     

    OR

    If the above script doesn't work, here is a more specific script that can be used if the problem is unresolved after those first two steps.

     

    /var/log/messages {

    copytruncate

    size 10M

    rotate 0

    notifempty

    dateext

    dateformat -%Y-%m-%d-%s

    postrotate

    /usr/bin/find /var/log/ -name "messages-*" -type f -exec rm {} $

    endscript

    }

     

    Notes about the script:

    • dateext and dateformat -%Y-%m-%d-%s needed to be added for hourly rotations. By default, /etc/logrotate.conf is set to add -%Y-%m-%d and without the -%s, it will not create a unique file name and the log will not be rotated.
    • The postrotate line was added because even with rotate 0 set, it still leaves 1 old log file. Because of how quickly this log may grow, it is useful for making sure no logs are left over.
    • The size option must be set and not the frequency (weekly, daily, monthly) because hourly is not a valid option. This is useful for logs that fill up much quicker than usual.

     

    The newer versions of the appliance added /var/log/messages to the /etc/logrotate.d/syslog. This line MUST be removed from the file, otherwise logrotate errors out stating there are 2 entries found for /var/log/messages and will not rotate the log.

    It may be needed to schedule the job to run every hour by adding the following line to /etc/crontab

    0 * * * * root /usr/sbin/logrotate /etc/logrotate.conf