Syslog and Daemon.log each at 25GB - ideas?

EricClarke · April 30, 2018, 2:28am

Hi - newbie on the unix side of things - love my new laptop btw - but not sure how to zap/zero out/ or access the logs to find out what’s causing this.

I’ve a Synaptic NAS on the network (formerly the 4 drives in my PC) and Gerbera media server but those are the only 2 things I can think of being suspects for this growth.

Open to direction for analysis - as I said, new to the OS

Thanks!

blendergeek · April 30, 2018, 3:11pm

Type sudo rm /var/log/syslog* at the terminal to zap the logs.

To prevent them . . . any ideas?

EricClarke · April 30, 2018, 8:08pm

Thanks!

Not sure if it’s related but I’m getting the random freezing issue.

blendergeek · May 1, 2018, 3:20pm

Note: My “fix” only deletes ‘syslog’ entries. I don’t have a ‘daemon.log’ file on my computer but a similar command would nuke it.

To actually fix the problem, open the most recent log file on the command line using ‘less’.

$ sudo less /var/log/syslog

Something is creating 25GB of logs. Most likely it is logging the same thing over and over again. You will need to find what is oft-repeated in the logs.

That will be the problem we need to solve.

montaropdf · May 4, 2018, 10:34am

You should use logrotate to limit the number and size of logfiles and there archives.

look for directory /etc/logrotate.d

There, you will find the file rsyslog, which define the log rotation of syslog.

EricClarke · June 9, 2018, 6:59pm

Thanks to both of you - got the logs delete and set the log rotation as suggested - can’t see a root cause in the logs but they’re both staying under 4gb each (which I think must still be high but haven’t seen a pattern in the 2 occasions I bothered to look.

Random freezing problem resolved too

Thanks again,

Eric

jonatack · July 19, 2018, 2:15pm

Instead of deleting the logs, run:

> /var/log/<filename>

(yes, with a greater-than character at the beginning of the command.)

This will truncate the log reliably without editing or deleting the file. Using rm to delete the logfile then recreating it can mess up the permissions, and if another process has the file open it isn’t released until the process closes.

If a log is growing quickly, run tail -f <filename> to watch it live to see what’s going on… ctrl-C to exit.

The last time I had an incident, NetworkManager was logging hundreds of times per second and just needed to be restarted.