
UTM in a Virtual Machine (Sophos 9.4): the root partition is filling up, and I don't know why, please help

Hi guys, I have a problem with my Astaro Sophos UTM 9.4. It's a VM with the description at the end of the post: "the Root partition is filling up". Every network definition or configuration I've changed these days turns into a "Current fillup rate" increase of 100 or more MB each time. This happens with the latest version 9.3 and also with the first 9.4.

This causes my VM to become unreachable by the web browser, but I can still reach it with ping from a CMD shell, so I solved the problem by setting up another VM with a 100 HDD and the same other hardware. Now I'm fine for a time (32 days), but I need to define every IP in the network. I need to keep working, I can't leave it without the definitions.

Any idea? Thanks anyway.

Virtual machine on ESXi 6.0
HDD 100 GB
RAM 12 GB
3 Ethernet NICs (2 ISPs)
2 processor sockets with 4 cores each
24 VLANs, only 19 are in use
almost 450 hosts in the entire network (LAN and Wi-Fi)
licensed for 500 hosts

PS: Sorry for my English, I'm from Mexico and I don't have enough practice.



This thread was automatically locked due to age.
  • I'm sorry Bob, it's going to be the first time I use the shell, but I'll try. I'll let you know what happens, thanks.

  • I tried to connect via SSH, and it was not possible. Could you help me configure access?

    I enabled shell access and set the passwords for root and user, and also enabled the network that I am on. Do I need something more?

  • That should have worked.  You can login as root on the console instead of using SSH.

    Cheers - Bob

  • Yes I can, here you can see the result, but should I type the instruction you gave me at this prompt? Or should I go to another folder? Thanks.

    By the way, here is the original problem. Thanks again.

  • Ahhh-hah!  You must login at the console as "root" instead of the "admin" account in WebAdmin.

    In addition to the first command, also run du -shx /var/log/*

    Cheers - Bob

  • Here you have the results, again thanks, and I await your comment.

    First command

    Second command

  • What time of day was this screenshot taken?

    You have 2.7GB of WebFilter logs - so that's filling up pretty fast!

    Have a look at the live log for the web-filter, see if you can see any recurring errors etc.

    How many users do you have accessing the device?

    It's also possible that you have a machine on the network that's constantly trying to get out. Adobe Creative Suite did this on one of my client's networks; we had to add an exception to stop it filtering and caching etc.

  • Agreed with xnsys - With 450 users, I would expect the largest it would get would be a fourth that size.  Still, the right answer is a larger disk.

    Cheers - Bob

  • OK, first answer: I took the result of the command you gave me at 14:00, with just a few users on the network.

    Second answer, about recurring errors: here in the image you can see the result of a search in the log file. There are too many, but all of them are in the same condition. Can you tell me how I can filter the search to look for problems?

    Third answer, for "users accessing the device": do you mean users passing through the firewall to the internet (I don't know how to see that), or users accessing WebAdmin? Just me!

    And finally, this is the description of a new VM I will set up to replace the one I'm using. Any suggestions?

    Virtual machine on ESXi 6.0
    HDD 1 TB
    RAM 12 GB
    3 Ethernet NICs (2 ISPs)
    2 processor sockets with 4 cores each

    The next image shows what a normal day looks like on the network. Should I do something else?

    Again, thanks so much.

  • It looks like you have classified microsoft.com as a malicious website and that everyone's PC is trying to get updates.  When their requests are blocked, they keep sending new ones.  You probably want either to allow these accesses or to stop recording them in the log.

    Cheers - Bob
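
Added example (not part of the original thread and not Sophos tooling): one way to find which blocked destinations are producing the log volume discussed above, by counting blocked requests and distinct clients per destination host. It assumes the web filter log consists of key="value" lines with fields named action, srcip and url; those field names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: rank blocked web requests by destination host.
# Assumption: log lines carry action="...", srcip="..." and url="..." fields.

# Constructed sample lines (not taken from the thread).
sample_log() {
cat <<'EOF'
2016:03:01-14:00:01 utm httpproxy[4321]: name="web request blocked" action="block" method="GET" srcip="10.0.1.15" url="http://update.example.com/v9/a.cab"
2016:03:01-14:00:02 utm httpproxy[4321]: name="web request blocked" action="block" method="GET" srcip="10.0.1.15" url="http://update.example.com/v9/b.cab"
2016:03:01-14:00:02 utm httpproxy[4321]: name="web request blocked" action="block" method="HEAD" srcip="10.0.2.40" url="https://update.example.com:443/check?id=7"
2016:03:01-14:00:03 utm httpproxy[4321]: name="web request blocked" action="block" method="GET" srcip="10.0.3.9" url="http://cdn.example.net/lib.js"
2016:03:01-14:00:04 utm httpproxy[4321]: name="http access" action="pass" method="GET" srcip="10.0.3.9" url="http://update.example.com/index.html"
EOF
}

# top_blocked [FILE...]: prints "count host distinct_clients", busiest first.
# Reads standard input when no file is given.
top_blocked() {
  awk '
    # Return the value of key="value" on the line, or "" if absent.
    function field(line, key,   re, s) {
      re = " " key "=\"[^\"]*\""
      if (!match(line, re)) return ""
      s = substr(line, RSTART, RLENGTH)
      sub("^ " key "=\"", "", s)
      sub("\"$", "", s)
      return s
    }
    field($0, "action") == "block" {
      host = field($0, "url")
      src = field($0, "srcip")
      sub("^[A-Za-z]+://", "", host)   # drop the scheme
      sub("[/:?].*$", "", host)        # drop port, path and query
      if (host == "") next
      hits[host]++
      if (!((host, src) in seen)) { seen[host, src] = 1; clients[host]++ }
    }
    END {
      for (host in hits) printf "%d %s %d\n", hits[host], host, clients[host]
    }
  ' "$@" | sort -k1,1nr -k2,2
}
```

Run `sample_log | top_blocked` to see the output format, then pass the web filter log file from /var/log as the argument. A host with a high count across many clients is a candidate for either an allow exception or a logging exception, as suggested above.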