Very large log files, what should I do?
Simply delete these files and then reboot?
No. Empty them but do not use rm, because it could end up crashing something while you are typing the touch command to recreate it.
Shortest method:
cd /var/log
sudo su
> lastlog
> wtmp
> dpkg.log
> kern.log
> syslog
exit
If not root it will require sudo. Taken from another answer on AU.
BEFORE YOU DO THAT. Do a tail {logfile} and check if there is a reason for them to be so big. Unless this system is several years old there should be no reason for this and fixing the problem is better than letting this go on.
Both kern.log and syslog should normally not be that big. But like I said: if this system is up and running for years and years it might be normal and the files just need to be cleared.
And to prevent it from becoming that big in the future: set up logrotate. It is pretty straightforward and will compress the logfile when it becomes bigger than a size you set it to.
1 other thing: if you do not want to delete the contents you can compress the files by tarring or gzipping them. That will have you end up with files probably 10% of what they are now. That is if there is still room on the disk to do that.
It's probably worth trying to establish what is filling the log(s) - either by simply examining them visually using the less or tail command
tail -n 100 /var/log/syslog
or if the offending lines are too deeply buried to easily see what's occurring, something like
for log in /var/log/{dmesg,syslog,kern.log}; do
    echo "${log} :"
    sed -e 's/\[[^]]\+\]//' -e 's/.*[0-9]\{2\}:[0-9]\{2\}:[0-9]\{2\}//' ${log} \
        | sort | uniq -c | sort -hr | head -10
done
(note: this may take some time, given such large files) which will attempt to strip off the timestamps and then count the most frequently occurring messages.
My method for cleaning system log files is this. Steps 1 and 2 are optional, but sometimes you need to check older logs and a backup is sometimes useful. ;-)
1. Optional: Copy log file
   cp -av --backup=numbered file.log file.log.old
2. Optional: Use Gzip on copy of log
   gzip file.log.old
3. Use /dev/null for clean file
   cat /dev/null > file.log
And for these logs (only on several servers) we use logrotate, and a script executed weekly by cron which compresses all files with *.1 (or the next rotated) by gzip.
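The copy, gzip and truncate steps above, and the advice in the first answer to empty a log rather than rm it, combined into one function. This is an added example, not part of the original answers: the names archive_and_truncate, inode_of and demo are hypothetical, and the demo works on a constructed file in a temporary directory, not on /var/log.

```shell
#!/bin/sh
# Added example: archive a log, then empty it in place so the inode and
# any descriptor a daemon holds open stay valid (unlike rm + touch).

# archive_and_truncate FILE -> prints the path of the gzip archive.
# Lines written between the copy and the truncation are lost
# (the same caveat as logrotate's copytruncate option).
archive_and_truncate() {
    log=$1
    archive="$log.$(date +%Y%m%d%H%M%S).gz"
    gzip -c "$log" > "$archive" || return 1
    gzip -t "$archive" || return 1   # verify the archive before discarding data
    : > "$log"                       # truncate in place; the file is never unlinked
    printf '%s\n' "$archive"
}

inode_of() { ls -i "$1" | awk '{print $1}'; }

# demo: a stand-in "daemon" keeps fd 3 open in append mode across the cleanup.
# Prints "<lines in archive> <lines in live log>".
demo() {
    dir=$(mktemp -d) || return 1
    log="$dir/app.log"               # constructed sample log
    exec 3>>"$log"
    echo "constructed line before cleanup" >&3
    before=$(inode_of "$log")
    archive=$(archive_and_truncate "$log") || return 1
    echo "constructed line after cleanup" >&3   # still lands in the live file
    after=$(inode_of "$log")
    exec 3>&-
    [ "$before" = "$after" ] || return 1        # same inode: the writer never lost its file
    old=$(gzip -dc "$archive" | wc -l | tr -d ' ')
    new=$(wc -l < "$log" | tr -d ' ')
    rm -rf "$dir"
    echo "$old $new"
}

demo
```

For wtmp and lastlog, which record logins, keeping the verified archive preserves that history after the live file is emptied.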
I installed Ubuntu 16.04 today and I noticed the same problem. However, I fixed this with busybox-syslogd. Yup! I've just installed that package and the problem has been solved. :)
$ sudo apt-get install busybox-syslogd
After installing that package, reset syslog and kern.log:
sudo tee /var/log/syslog /var/log/kern.log </dev/null
I hope this simple solution is useful to other people around.