If you don't need them, you can blank /var/adm/utmpx and wtmpx (and wtmp) as these tend to grow with system use:
cat /dev/null > /var/adm/utmpx etc
Also (again if it's not used for anything and depending on your security policies) do the same for /var/adm/sulog
On Solaris you might also check for 'undo' files under /var/sadm/<package>/save, verifying first that you're happy to remove them (i.e. if they're very old, it's unlikely that you would want to back out of the patch concerned).
You have checked for our old friend core files, haven't you?
you might want to empty, for as long as everything is running smooth on your system, you don't really have any need for the information contained in those files.
But in any way: Have a look at the content first and then decide whether you want to keep the information or not.
Best way to empty the files would be
> ./filename.log
because there might be programs that only write information to the log as long as the file exists. So if you delete the file itself, the logging might stop. Using the ">" to empty the file would then be the safer way ...
I won't touch anything in /usr nor in /etc.
If you have hacmp running you COULD have a file called /usr/es/adm/cluster.log which could be trimmed.
The /var/adm/wtmp file holds all the accounting history so... if you are not interested in "who has logged on" you can flush it merely doing "> /var/adm/wtmp"
If not, you should use the fwtmp command to translate this file into an ASCII one, then trim it, and rebuild the wtmp file.
If you have HACMP running you will have a bunch of files in /var/hacmp/log and /var/ha/log. They are useful only in case of problems with HACMP, so you can zap the oldest ones.
Look for the syslogd files; they can grow very rapidly depending on the settings of syslogd.
You can commit software and reject unneeded ones!
Check the users' mailboxes! Sometimes you might need to restrict them, especially the ones who like to keep memories in their mail account!
/var/spool/mail
$HOME/mbox
see if there is any core dump that is not needed in /var/adm/ras
on AIX
leave /usr alone ALL commands and libraries are in it!!
Usually an application written for UNIX will spool to /tmp or /var but not /usr so it should not increase even if it is almost full unless you install some software.
Here is some help from my notes on AIX
#!/usr/bin/ksh
#script to clean up but keep /var log files
#
# error report clean up and log retention
/usr/bin/errpt -a >> /tmp/errpt_a.old
gzip /tmp/errpt_a.old
/usr/lib/errstop
/usr/bin/rm /var/adm/ras/errlog
/usr/lib/errdemon &
/usr/bin/mv /tmp/errpt_a.old.gz /var/adm/ras/errpt_a.old.gz
#
#remove vi's temp buffer files
/usr/bin/rm /var/preserve/*
#wtmp clean-up
/usr/bin/cp /var/adm/wtmp /tmp/wtmp
gzip /tmp/wtmp
/usr/bin/cp /dev/null /var/adm/wtmp
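#keep the archive beside the live file; moving it onto /var/adm/wtmp would overwrite wtmp with gzip data
/usr/bin/mv /tmp/wtmp.gz /var/adm/wtmp.gz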
#
#clean-up sudo.log and maintain history
#
#
/usr/bin/stopsrc -s syslogd
/usr/bin/cp /var/log/sudo.log /tmp/sudo.log
gzip /tmp/sudo.log
/usr/bin/mv /tmp/sudo.log.gz /var/log/sudo.log.gz
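#empty the live log now that it is archived (touch alone would leave the old contents in place)
/usr/bin/cp /dev/null /var/log/sudo.log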
/usr/bin/startsrc -s syslogd
#
#If var has 100% of inodes used
#
cd /var/spool/mqueue
# find files older than 30 days in this mail queue
/usr/bin/find . -mtime +30 -ls
# remove these files
/usr/bin/find . -mtime +30 -exec rm {} \;
#
#
# find files larger than 10 MB in size in /var (-size counts 512-byte blocks)
/usr/bin/find /var -xdev -size +20480 -ls
#note: any vmcore file is a system dump and if it is more than 60 days old OR
#you have just closed a PR on that issue then you should be able to remove it
#
#
#Cleaning /home
#unless requested in a PR please do not remove files in /home unless they are yours
#increase filesystem size!!!!
#increasing by 1 MB (2048 512-byte blocks)
/usr/sbin/chfs -a size=+2048 /home
#
#
#Cleaning /tmp
#First remove root owned file more than 60 days old
# to list them
/usr/bin/find /tmp -xdev -mtime +60 -user root -ls
#to remove them
/usr/bin/find /tmp -xdev -mtime +60 -user root -exec rm {} \;
#
#Otherwise, find files 10 MB or larger, then contact the user for permission to
#remove. Otherwise we must advise DPEs that we will not back up and we will remove
#any files in this directory.
#
#most usernames are the Lotus Notes short name; otherwise, look in /etc/passwd to
#see who 'owns' the user.
/usr/bin/find /tmp -xdev -size +20480 -ls
#
#
#when / is full, first look for a large file
#
#field 7 of the find -ls output is the size in bytes; sort on it numerically
/usr/bin/find / -xdev -size +20480 -ls | sort -rn -k 7
#this will find files over 10 MB and sort them in reverse order with the
#largest files first
#If you find a core file -- check the error log to see what application created
#it. Then contact the user to see where they want it placed (or remove it)
who /etc/security/failedlogin
The condition of TTYs respawning too rapidly will create failed login entries. To clear the file after reading or saving the output, execute the following command:
cp /dev/null /etc/security/failedlogin
Also, look in /dev
There should be an rmt0 (if you have a tape drive).
When some people run back-ups they do a rmto, where the last character is alpha but should be numeric.
If alpha is used then the back-up goes to a file in /dev called rmto, not a tape drive. The file can get quite large.
how come it is under / and not under /var/adm/ras!?!
If it is an old core dump that is not needed for now then you can safely remove it! But if it is a recent one, then I advise you to investigate more on that, and maybe call IBM.
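The archive-then-empty approach recommended in this thread (copy the log aside, then empty it with ">" or cp /dev/null instead of deleting it), as an added example that is not from any of the posters. The function names, the demo directory and the sample sulog lines are hypothetical and constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names and demo data
# are hypothetical/constructed.

# archive_and_truncate <logfile> <archive_dir>: prints the archive path.
archive_and_truncate() {
    src=$1
    dest_dir=$2
    [ -f "$src" ] || { echo "not a regular file: $src" >&2; return 1; }
    mkdir -p "$dest_dir" || return 1
    copy="$dest_dir/$(basename "$src").$(date +%Y%m%d%H%M%S)"

    # Copy first, and refuse to truncate unless the copy is byte-identical.
    cp -p "$src" "$copy" || return 1
    cmp -s "$src" "$copy" || { rm -f "$copy"; return 1; }
    gzip "$copy" || return 1
    chmod 600 "$copy.gz"        # login/su history: keep it owner-only

    # Empty in place (same effect as "> file"): inode, owner and mode are
    # unchanged, so a writer that opened the file in append mode keeps
    # logging into it.
    cp /dev/null "$src" || return 1
    echo "$copy.gz"
}

inode_of() { ls -i "$1" | awk '{print $1}'; }

# Constructed demo: fd 3 stands in for a daemon holding the log open.
demo() {
    work="${TMPDIR:-/tmp}/truncate_demo.$$"
    mkdir -m 700 "$work" || return 1
    log="$work/sulog"
    printf 'SU 01/01 10:00 + pts/0 alice-root\n' > "$log"
    exec 3>>"$log"
    before=$(inode_of "$log")
    archive=$(archive_and_truncate "$log" "$work/old") || return 1
    printf 'SU 01/02 11:00 - pts/1 bob-root\n' >&3
    exec 3>&-
    echo "inode before=$before after=$(inode_of "$log")"
    echo "archived: $(gzip -dc "$archive")"
    echo "live log: $(cat "$log")"
    rm -rf "$work"
}

demo
```

Lines written between the copy and the truncate are lost; where that matters, stop the writer first, as the script above does with stopsrc -s syslogd.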