- Delete all of /var/log?
- 10 Answers 10
- Чистим Ubuntu Server от мусора
- В чем разница между HTTP методами POST vs PUT vs PATCH?
- Ошибка при остановке Docker контейнера вида: ERROR: for *** cannot stop container: *** permission denied
- При билде Docker-контейнера выдает: WARNING: Running pip as the ‘root’ user
- Как создать проект на Django в текущей папке
- Разница между операторами «is» и «==» в Python
- Как переопределить вывод ——— в админке Django?
- Can I delete /var/log files due to low root space?
- 5 Answers 5
Delete all of /var/log?
Can I delete everything in /var/log ? Or should I only delete files (recursively) in /var/log but leave folders? Does anyone have a good rm command line? (My admin skills leave me nervous.) Note: I am using Debian. I am not sure what version.
Deleting log files is a bad idea (you’ll also need to find every running process that has it’s own log file and «kill -HUP» it, a soft restart that will result in the program recreating any necessary log files). I would strongly advise against deleting log files, rely on utilities like logrotate to manage the contents of /var/log for you automatically (it does stuff like HUP the processes) If I may I’d like to tackle this from a different angle. What problem are you trying to resolve that’s led you to consider this?
10 Answers 10
Instead of deleting the files you should rotate them, e. g. using logrotate .
You never know when you’ll actually need the logs from some time ago, so it’s better to archive them (up to a reasonable age, e. g. 3 months).
logrotate can compress your old log files so they don’t occupy a lot of disk space.
Well, IMHO deleting all logs can make perfect sense in some cases. For example I want to build a Virtial Machine image to be used for new deployments. Needless to say I would like it to be a really clean system without any logs, histories, caches etc. saved.
Sorry, but looking at three months old log files is archeology. If you collect logs to identify problems, then evaluate them quickly.
@countermode You are never in the mood for nostalgia? Like looking at the 3 month old log files thinking about good ol’ times?
OK, I see the command. How to use it? man logrotate says use it in cron. I suppose with the -f option?
find /var/log -type f -delete Delete all .gz and rotated file
find /var/log -type f -regex ".*\.gz$" find /var/log -type f -regex ".*\.1$" Try run command without «-delete», to test it.
If you delete everything in /var/log, you will most likely end up with tons of error messages in very little time, since there are folders in there which are expected to exist (e.g. exim4, apache2, apt, cups, mysql, samba and more). Plus: there are some services or applications that will not create their log files, if they don’t exist. They expect at least an empty file to be present. So the direct answer to your question actually is «Do not do this. «.
As joschi has pointed out, there is no reason to do this. I have debian servers running that haven’t had a single log file deleted in years.
There are valid reasons to remove log files, IMHO. For instance, you are exporting a virtual machine for use by others, but you don’t want the virtual machine image to contain details of everything that has happened before exporting.
One reason could be, in a scenario where you’re trying to cover the tracks of a system intrusion, although I think this would make a lot of noise.
A reason could also be to simply optimize the space before exporting a virtual machine. This then results in a smaller template file.
I’m cloning virtual machines from a master. It makes perfect sense to clear the log on the master so that when you boot the clones you won’t get the master’s log. I did in tcsh:
cd /var/log foreach ii ( `find . -type f` ) foreach? cp /dev/null $ii foreach? end which clears the logs but keeps the files.
Cleaning all logs on a Linux system without deleting the files:
for CLEAN in $(find /var/log/ -type f) do cp /dev/null $CLEAN done Samba ( /var/www/samba ) creates log file-names with ip addresses, you may want to delete them:
for CLEAN in $(find /var/log/samba -type f) do rm -rf $CLEAN done You can use the option ctime to find old files. for example:
As bindbn explain, first try the find fetch files and after use the option delete 😀
/var/log often has permissions of drwxrwxr-x , so is not user writable unless the user is root or belongs to a privileged group. That means new log files cannot be created by non-privileged users.
Applications that expect to log to a point within /var/log will often touch a file into existence somewhere in the /var/log hierarchy during install time (which often occurs with elevated privileges), and will chmod and possibly chown it at that time to permissions appropriate for the unprivileged users who will be using the application.
Apache logs, for example, are usually written to by nobody , who is a user with as few privileges as possible for Apache to get its job done without putting the system at undue risk. But even a more run-of-the-mill application often expects to be able to write to a logfile in /var/log .
So what happens if the logfile, and the path to the logfile don’t exist? That’s entirely up to the application. Some applications will quietly skip logging. Others will create a lot of warnings. And others will simply bail out. There’s no hard-fast rule; it’s up to the vigilance of the application developer, as well as how critical the developer considers its ability to log. At best the application will attempt to either write to, or possibly create and then write to a log file at a destination within /var/log , and will find itself unable to do so because it’s being run by a user who doesn’t have privileges to write into that part of the filesystem.
So the short answer is no, don’t delete everything in /var/log — it breaks the contract users with sufficient privileges to do such things have with the applications that run on their system, and will cause some noise, some silent failure to log, and some all-out breakage.
The appropriate action to take is to set up logrotate with appropriate config files. Typically rotation will be associated with a cron job. Rotation can be interval based, or size based, or both. It’s even possible to set up rules that avoid interval based rotation if the logfile is still empty when the interval expires. Rotation can include mailing of logfiles, compression, deletion, shredding, and so on.
The average user wouldn’t need to be too concerned about log rotation. Developers would probably want to ensure that logs they use have rotation rules established. In fact, it is likely good manners on the part of developers to set up log rotation at install time for any software-specific logs that software will be creating and writing.
Чистим Ubuntu Server от мусора
Запись 0 0 * * * означает запуск команды ежедневно в 00:00 по времени на сервере.
В самом файле есть подсказка по настройке тайминга запуска, поэтому вы можете настроить запуск необходимых команд в любое время.
# Example of job definition: # .---------------- minute (0 - 59) # | .------------- hour (0 - 23) # | | .---------- day of month (1 - 31) # | | | .------- month (1 - 12) OR jan,feb,mar,apr . # | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat # | | | | | # * * * * * user-name command to be executed
В чем разница между HTTP методами POST vs PUT vs PATCH?
Прежде всего внимательно ознакомьтесь с определением каждого HTTP метода в статье HTTP request methods. Теперь кратк…
Ошибка при остановке Docker контейнера вида: ERROR: for *** cannot stop container: *** permission denied
Ошибка возникает при запуске и остановке контейнера, а также при попытке его повторной сборки. Имеет примерно такой вид…
При билде Docker-контейнера выдает: WARNING: Running pip as the ‘root’ user
Самый простой способ избавиться от warning’a — это добавить в Dockerfile строку: ENV PIP_ROOT_USER_ACTION=ignore …
Как создать проект на Django в текущей папке
Разница между операторами «is» и «==» в Python
Оба оператора is и == предназначены для сравнения объектов в Python. Оператор == сравнивает два значения. Операто…
Как переопределить вывод ——— в админке Django?
Добавьте в admin.py следующие строки: Пустые поля в CharField, TextField etc @admin.register(YourModel) class …
Can I delete /var/log files due to low root space?
Judging by a posted message on ubuntu.org forums, I found that I have a .log file in /var/log at 22 GB in size! My root is an 82 GB partition and Disk Analyser shows the offender to be in log. The system root was installed circa 8 months ago, so clearly this is not a good thing in creating a 22 GB log on an 82 GB root partition. Is it safe to delete the log file or please advise on the correct safe procedure to cleanse it without messing up my system. I presume it may be ok, but would like some other opinions before I do the task of delete.
An alternative is to compress it using gzip or bzip2 — though this requires temporarily having enough space to hold both uncompressed and compressed copies of the file. Log files tend to have a lot of redundancy, so they should compress quite well (probably better than 90%).
5 Answers 5
It is generally safe to delete log files. The only disadvantage associated with doing so is that you may not be able to examine the log, if you’re troubleshooting some other problem later. Since new logs are automatically generated, even this disadvantage is short-lived.
Most logs are deleted automatically (after being rotated by compression and renaming, and kept a while in that archived format). If you have a log that’s expanded faster than Ubuntu is deleting it, it’s unlikely that you’ll experience any problems from deleting it manually.
However, if you have a log file that’s 22 gigs in size, something very strange is happening, and it would be worthwhile to investigate that. I recommend editing your question again to include a link to the Ubuntu Forums thread you’re talking about, and also to include the full name of the 22 GB log file.