Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 7 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 9805 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG - /tmp is full

Cpsilva

Hi,

I have a Sophos XG in SFOS version 17.0.8 MR-8, I discovered an NC-28220 [Base System] Garner active.db file size is too big in /tmp/eventlogs due to LogViewer output plug-in

I can not perform the firmware update now, but I need to resolve this issue.
How can I clean this file? Is there any way to edit the size of it?
Thank you.

Filesystem Size Used Available Use% Mounted on
rootfs 298.9M 2.4M 276.6M 1% /
df: /newroot: No such file or directory
df: /newroot/dev: No such file or directory
df: /newrootrw: No such file or directory
none 298.9M 2.4M 276.6M 1% /
none 7.8G 36.0K 7.8G 0% /dev
none 7.8G 7.8G 0 100% /tmp
none 7.8G 12.7M 7.8G 0% /dev/shm
/dev/conf 385.4M 66.1M 319.2M 17% /conf
/dev/content 21.0G 271.4M 20.7G 1% /content
/dev/var 176.2G 53.0G 123.2G 30% /var

#du -hs /tmp/eventlogs/active.db
7.8G /tmp/eventlogs/active.db



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    usually gets cleared during a restart. The ongoing issue is going to be how to manage the file size in future?

    Ian

  • 0 in reply to rfcat_vk

    Do you know if you have any command to clean this active.db? I'm afraid to reboot and not start any more.

  • 0 in reply to Cpsilva

    Hi,

    sorry I do not know direct answer to your question, but  have a suggestion can you change the log period in your extract process?

    Ian

  • 0 in reply to rfcat_vk

    Hi,

     

    I moved active.db to the /var partition. Even so, the allocated disk value remained at 100%. Then in the Device Console, I performed a log cleanup with the "system diagnostics subsystems CSC purge- *" command and then cleared the space. In this way, I performed the failover and it worked again. I do not know if that was the best solution, but it solved the problem.

    On one of the Appliances, I find no errors in the logs. On the other encounter the following error:

    service garner: restart -ds nosync
    200 OK


    tail -f /var/tslog/garner.log
    SFEVENTSFTS: Aug 30 08: 35: 41: sfeventsfts_backup_db: disk is full
    SFEVENTSFTS: Aug 30 08: 35: 41: sfeventsfts_backup_db: disk is full

    cat /tmp/garner.sock
    cat: can not open '/tmp/garner.sock': No such device or address

    I have space left now.

    # df -h
    Filesystem Size Used Available Use% Mounted on
    rootfs 323.1M 2.4M 299.6M 1% /
    df: / newroot: No such file or directory
    df: / newroot / dev: No such file or directory
    df: / newrootrw: No such file or directory
    none 323.1M 2.4M 299.6M 1% /
    none 7.8G 40.0K 7.8G 0% / dev
    none 7.8G 448.8M 7.3G 6% / tmp
    none 7.8G 14.8M 7.8G 0% / dev / shm
    / dev / conf 385.4M 67.8M 317.6M 18% / conf
    / dev / content 21.0G 281.7M 20.7G 1% / content
    / dev / var 176.2G 59.6G 116.6G 34% / var

     

    I have room to spare, the service appears to be running, but the logs show something else.

    I have an open case on sophos but I have not had feedback yet. Any information will be appreciated.

  • 0 in reply to Cpsilva

    Hey  

    Would it be possible to please share your support case number with me through PM? I'd like to look into this for you.

    Thanks,

Reply Children