/dev/root size keeps going up
I have been noticing my new Linode's
df -m
values everyday and they have been increasing more and more. Here's the output from today
root@hydrogen:~# df -m
Filesystem 1M-blocks Used Available Use% Mounted on
/dev/root 19907 1428 17453 8% /
devtmpfs 492 0 492 0% /dev
tmpfs 495 0 495 0% /dev/shm
tmpfs 495 51 444 11% /run
tmpfs 5 0 5 0% /run/lock
tmpfs 495 0 495 0% /sys/fs/cgroup
tmpfs 99 0 99 0% /run/user/0
Are these the log files? Because in just 4 days they've crept up to 8% + 11% im fearing that they will consume all my server space soon. Any idea if it is the logs how to clear them out?
Thanks
6 Replies
What logrotate does is split your log file into multiple files, and then you can choose for how many days or what file you size want before it starts to delete old logs. I don't know what distro you're running but I suggest Googling for "logrotate" and your distro.
Some more information on logrotate:
The file /var/log/btmp contains bad/failed login attempts and should be taken seriously, not just logrotate'ed. First read the man page for "lastb" (man lastb) and see the command line parameters. Then see who is brute forcing your server and which particular service they are hitting.
For example, if you see brute force attacks on the ssh port, then it is a good idea to change the port and add some extra protection layer (like whitelisted IP addresses, disable password logins and enforce keys, etc). But it all depends on the service that is being abused.
Once you solve the brute force problem, you may see how to logrorate the btmp file.
Every failed login attempt, gets logged in btmp.