HPE Community
Operating System - HP-UX
1827708 Members
2566 Online
109967 Solutions
New Discussion

Re: Can I delete/nullify this file ?

 
SOLVED
Go to solution
rveri
Super Advisor

‎05-24-2006 03:28 PM

‎05-24-2006 03:28 PM

Can I delete/nullify this file ?

Hi All ,

found /var is 100% . hp-ux 11i.

Also found /var/opt/ids/error.log is 2231MB.

-rw------- 1 ids ids 2240241664 May 24 23:26 error.log


Q: What is this file ? can i nullify it.

Please suggest,
Thanks,
0 Kudos
Reply
6 REPLIES 6
Arunvijai_4
Honored Contributor

‎05-24-2006 03:46 PM

‎05-24-2006 03:46 PM

Re: Can I delete/nullify this file ?

Hi,

You can do it with, # >/var/opt/ids/error.log

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎05-24-2006 03:51 PM

‎05-24-2006 03:51 PM

Solution

Re: Can I delete/nullify this file ?

I would first actually take a look at the log file to see if there is anything in it you should know about.

Log files do not normally get that large without a reason.

Judging from the user id that owns the file and the directory that it is in, I would guess that this log file belongs to some type of IDS (Intrusion Detection System). It could be part of HP's HIDS software.

Do an 'fuser -u error.log' to see what process is accessing the file and then do a 'ps -ef' and look for that process id to see what the actual process is. From there you should be able to determine what the software is that is using this file.

Again, please do not just clear out a log file because it grows too big. You need to understand WHY it is growing so large first so you can fix any problems and hopefully prevent them in the future.
Reply
Raj D.
Honored Contributor

‎05-24-2006 03:58 PM

‎05-24-2006 03:58 PM

Re: Can I delete/nullify this file ?

Hi,

/var/opt/ids/error.log :
This file is from hp-ux Host Intrusion Detection system software, and can be nullified if causing filesystem to full.
But as Patrick said you must check the cause of it .


Cheers,
Raj.
" If u think u can , If u think u cannot , - You are always Right . "
Reply
rveri
Super Advisor

‎05-24-2006 04:09 PM

‎05-24-2006 04:09 PM

Re: Can I delete/nullify this file ?

Thanks ,

I have nullified it and now /var reduced to 33% .

But I found this file is still growing in fast rate , 124MB so far in just 10 min.

-rw------- 1 ids ids 124520456 May 25 00:00 error.log


Patrick ,
here is the output of # fuser -u error.log

# [/var/opt/ids] fuser -u error.log
error.log: 20754o(ids) 20756o(ids) 20755o(ids)


Any help is highly appreciated,

Thanks,

0 Kudos
Reply
rariasn
Honored Contributor

‎05-24-2006 06:52 PM

‎05-24-2006 06:52 PM

Re: Can I delete/nullify this file ?

Hi rveri,

# ps -fu ids

# /sbin/init.d/idsagent stop

# mv /var/opt/ids/error.log /var/opt/ids/error.log.old

# compress /var/opt/ids/error.log.old

# /sbin/init.d/idsagent start

Verify file /etc/rc.config.d/id

# HP-UX Host IDS configuration.
#
# IDS: Set to 1 to start idsagent daemon on boot
# By default we set it to 0 so that the idsagent startup
# is SKIPed at system boot.
# The IDS_importAgentKeys script will reset the flag
# to 1 once all certificates are generated.
#
IDS=1

If IDS=0 not start process ids agent.

rgs,

ran
0 Kudos
Reply
Darrel Louis
Honored Contributor

‎05-24-2006 10:02 PM

‎05-24-2006 10:02 PM

Re: Can I delete/nullify this file ?

Hi,

If a log file is growing rapidly, always check what is the root cause.

To rotate your logfile, create a script to rotate the logfile regurarly, via cron.
Also check for the logrotate tool.

Darrel
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.