Placing /var/log in its own partition or volume can help to mitigate the
run-away disk usage. If you use audit, then having /var/log/audit on its own
partition or volume helps to assure the audit logs are not affected.
tail -f /var/log/syslog will scroll the syslog (until it rotates) and let you
see a little more of what's happening. If you do not want to do the
logrotate.
I'd start by tailling the files and see what has most recently been writing
to them, that might be enough of a clue. And then you can just echo blacklist
the syslog.
