RE: [ossec-list] OSSEC Log Rotation Failing

Wed, 22 Jul 2015 04:51:13 -0700 

Yes, ossec-monitord is running ossec    31115     1  0 Jul21 ?        00:01:17 
/var/ossec/bin/ossec-monitord


I do not believe the FS is out of inodes.

Filesystem            Inodes  IUsed   IFree IUse% Mounted on
/dev/mapper/vg00-rootvol
                      524288 108242  416046   21% /
tmpfs                2041271      1 2041270    1% /dev/shm
/dev/sda1              32768     52   32716    1% /boot
/dev/mapper/vg00-homevol
                     1048576   2477 1046099    1% /home
/dev/mapper/vg00-tmpvol
                      131072     22  131050    1% /tmp
/dev/mapper/vg00-varvol
                      327680   4296  323384    2% /var
/dev/mapper/vg00-crashvol
                       81920     11   81909    1% /var/crash
/dev/mapper/vg00-auditvol
                       65536     21   65515    1% /var/log/audit
/dev/mapper/vg01-optvol
                      655360   3557  651803    1% /opt



From: [email protected] [mailto:[email protected]] On 
Behalf Of dan (ddp)
Sent: Wednesday, July 22, 2015 7:42 AM
To: [email protected]
Subject: Re: [ossec-list] OSSEC Log Rotation Failing


On Jul 22, 2015 7:38 AM, "Farnsworth, Robert" 
<[email protected]<mailto:[email protected]>> wrote:
>
> My log rotation has all of a sudden started to fail on two of my managers, 
> this is causing my file system to fill up every night.
>

Is the fs out of inodes? Is ossec-monitord running?

>
>
> Any suggestions to correcting this problem.
>
>
>
> -rw-r-----. 1 ossec ossec    9959839 Jul 14 04:01 ossec-alerts-13.log.gz
>
> -rw-r-----. 1 ossec ossec        398 Jul 14 04:01 ossec-alerts-13.log.sum
>
> -rw-r-----. 1 ossec ossec          0 Jul 15 04:02 ossec-alerts-14.log.gz
>
> -rw-r-----. 1 ossec ossec          0 Jul 15 04:02 ossec-alerts-14.log.sum
>
> -rw-r-----. 1 ossec ossec          0 Jul 16 04:01 ossec-alerts-15.log.gz
>
> -rw-r-----. 1 ossec ossec          0 Jul 16 04:01 ossec-alerts-15.log.sum
>
> -rw-r-----. 1 ossec ossec          0 Jul 17 04:02 ossec-alerts-16.log.gz
>
> -rw-r-----. 1 ossec ossec          0 Jul 17 04:02 ossec-alerts-16.log.sum
>
> -rw-r-----. 1 ossec ossec          0 Jul 18 04:02 ossec-alerts-17.log.gz
>
> -rw-r-----. 1 ossec ossec          0 Jul 18 04:01 ossec-alerts-17.log.sum
>
> -rw-r-----. 1 ossec ossec          0 Jul 19 04:01 ossec-alerts-18.log.gz
>
> -rw-r-----. 1 ossec ossec          0 Jul 19 04:01 ossec-alerts-18.log.sum
>
> -rw-r-----. 1 ossec ossec          0 Jul 20 04:03 ossec-alerts-19.log.gz
>
> -rw-r-----. 1 ossec ossec          0 Jul 20 04:02 ossec-alerts-19.log.sum
>
> -rw-r-----. 1 ossec ossec          0 Jul 21 04:07 ossec-alerts-20.log.gz
>
> -rw-r-----. 1 ossec ossec          0 Jul 21 04:02 ossec-alerts-20.log.sum
>
> -rw-r-----. 1 ossec ossec          0 Jul 22 04:04 ossec-alerts-21.log.gz
>
> -rw-r-----. 1 ossec ossec          0 Jul 22 04:01 ossec-alerts-21.log.sum
>
> -rw-r-----. 2 ossec ossec 3597332480 Jul 22 11:30 ossec-alerts-22.log
>
>
>
> Thanks
>
>
>
> Robert
>
>
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups 
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to 
> [email protected]<mailto:ossec-list%[email protected]>.
> For more options, visit https://groups.google.com/d/optout.
--

---
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to 
[email protected]<mailto:[email protected]>.
For more options, visit https://groups.google.com/d/optout.

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to