Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Max out inodes issue

Discussion in 'General Discussion' started by PPNSteve, Dec 18, 2017.

Tags:
  1. PPNSteve

    PPNSteve Well-Known Member

    Joined:
    Mar 13, 2003
    Messages:
    409
    Likes Received:
    3
    Trophy Points:
    168
    Location:
    Somewhere in Ilex Forest
    cPanel Access Level:
    Root Administrator
    Twitter:
    Code:
    Disk usage warning
    
    The filesystem “/usr” mounted at “/usr” reached “critical” status because you currently use 99.74% of its available inodes.
    
    [B]Notification Type: [/B]critical 
    
    [B]Server:[/B] crz01.[redacted]
    
    [B]Primary IP Address:[/B]
    
    [redacted]
    
    [B]Filesystem: [/B]/usr
    
    [B]Mount Point: [/B]/usr
    
    [B]Percent Used: [/B]99.74%
    
    [B]Inode Usage:[/B]
    Used: 1,045,922
    Available: 2,654
    Total: 1,048,576
    
    [B]ChkServd Version: [/B]17.0
    and so on.. now how does a default cPanel install (on centOS 6.x) with a single site running on it max out inodes in /usr?

    More importantly, how can I fix it?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #1 PPNSteve, Dec 18, 2017
    Last edited by a moderator: Dec 19, 2017
  2. Eminds

    Eminds Well-Known Member

    Joined:
    Nov 10, 2016
    Messages:
    274
    Likes Received:
    20
    Trophy Points:
    18
    Location:
    India
    cPanel Access Level:
    Root Administrator
    /usr folder has sub folders which contains log files and important cpanel stuff. Check the size of the folders accordingly with du -sh * command and it will give you an idea of what is consuming the disk space.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. PPNSteve

    PPNSteve Well-Known Member

    Joined:
    Mar 13, 2003
    Messages:
    409
    Likes Received:
    3
    Trophy Points:
    168
    Location:
    Somewhere in Ilex Forest
    cPanel Access Level:
    Root Administrator
    Twitter:
    mod_sec audit logs was the cause.. one per day in a folder since it was installed/enabled. removed all but the latest and went from 100% inode usage to 17% in /usr
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,400
    Likes Received:
    1,953
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Is this system using EasyApache 3 or EasyApache 4? Can you provide an example of how the directory structure looked so we can verify the logs were being rotated?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. PPNSteve

    PPNSteve Well-Known Member

    Joined:
    Mar 13, 2003
    Messages:
    409
    Likes Received:
    3
    Trophy Points:
    168
    Location:
    Somewhere in Ilex Forest
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hi,

    Yeah, Its using EA 3.

    here is a copy/pasta from my ssh shell session:
    Code:
    root@crz01 [~]# cd  /usr/local/apache/logs/modsec_audit
    root@crz01 [/usr/local/apache/logs/modsec_audit]# ls -al
    total 64
    drwx-wx-wt 5 root     root      4096 Dec 19 07:08 ./
    drwxr-xr-x 4 root     root      4096 Dec 19 12:00 ../
    drwxr-x--- 3      504      515  4096 Sep 15  2015 crzaccou/
    -rw-r--r-- 1      504      515     1 Sep 15  2015 crzaccou.offset
    drwxr-x--- 3      505      516  4096 Sep 15  2015 crzadmn/
    -rw-r--r-- 1      505      516     1 Sep 15  2015 crzadmn.offset
    -rw-r--r-- 1 crzscore crzscore     1 Nov 21  2016 crzscore.offset
    drwxr-x--- 4 nobody   nobody   32768 Dec 19 02:05 nobody/
    root@crz01 [/usr/local/apache/logs/modsec_audit]# cd crzadmn/
    root@crz01 [/usr/local/apache/logs/modsec_audit/crzadmn]# ls -al
    total 12
    drwxr-x--- 3  505  516 4096 Sep 15  2015 ./
    drwx-wx-wt 5 root root 4096 Dec 19 07:08 ../
    drwxr-x--- 4  505  516 4096 Sep 15  2015 20150915/
    root@crz01 [/usr/local/apache/logs/modsec_audit/crzadmn]# cd ../nobody
    root@crz01 [/usr/local/apache/logs/modsec_audit/nobody]# ls -al
    total 56
    drwxr-x---   4 nobody nobody 32768 Dec 19 02:05 ./
    drwx-wx-wt   5 root   root    4096 Dec 19 07:08 ../
    drwxr-x--- 287 nobody nobody 12288 Dec 18 16:45 20171218/
    drwxr-x---  83 nobody nobody  4096 Dec 19 07:05 20171219/
    root@crz01 [/usr/local/apache/logs/modsec_audit/nobody]# cd 20171218/
    root@crz01 [/usr/local/apache/logs/modsec_audit/nobody/20171218]# ls -al
    total 1188
    drwxr-x--- 287 nobody nobody 12288 Dec 18 16:45 ./
    drwxr-x---   4 nobody nobody 32768 Dec 19 02:05 ../
    drwxr-x---   2 nobody nobody  4096 Dec 18 00:00 20171218-0000/
    drwxr-x---   2 nobody nobody  4096 Dec 18 00:05 20171218-0005/
    drwxr-x---   2 nobody nobody  4096 Dec 18 00:10 20171218-0010/
    drwxr-x---   2 nobody nobody  4096 Dec 18 00:15 20171218-0015/
    drwxr-x---   2 nobody nobody  4096 Dec 18 00:19 20171218-0019/
    drwxr-x---   2 nobody nobody  4096 Dec 18 00:20 20171218-0020/
    drwxr-x---   2 nobody nobody  4096 Dec 18 00:25 20171218-0025/
    drwxr-x---   2 nobody nobody  4096 Dec 18 00:30 20171218-0030/
    drwxr-x---   2 nobody nobody  4096 Dec 18 00:35 20171218-0035/
    drwxr-x---   2 nobody nobody  4096 Dec 18 00:40 20171218-0040/
    drwxr-x---   2 nobody nobody  4096 Dec 18 00:45 20171218-0045/
    drwxr-x---   2 nobody nobody  4096 Dec 18 00:49 20171218-0049/
    drwxr-x---   2 nobody nobody  4096 Dec 18 00:50 20171218-0050/
    drwxr-x---   2 nobody nobody  4096 Dec 18 00:55 20171218-0055/
    drwxr-x---   2 nobody nobody  4096 Dec 18 01:00 20171218-0100/
    drwxr-x---   2 nobody nobody  4096 Dec 18 01:05 20171218-0105/
    drwxr-x---   2 nobody nobody  4096 Dec 18 01:09 20171218-0109/
    drwxr-x---   2 nobody nobody  4096 Dec 18 01:10 20171218-0110/
    drwxr-x---   2 nobody nobody  4096 Dec 18 01:15 20171218-0115/
    drwxr-x---   2 nobody nobody  4096 Dec 18 01:20 20171218-0120/
    drwxr-x---   2 nobody nobody  4096 Dec 18 01:25 20171218-0125/
    drwxr-x---   2 nobody nobody  4096 Dec 18 01:30 20171218-0130/
    drwxr-x---   2 nobody nobody  4096 Dec 18 01:35 20171218-0135/
    drwxr-x---   2 nobody nobody  4096 Dec 18 01:40 20171218-0140/
    drwxr-x---   2 nobody nobody  4096 Dec 18 01:45 20171218-0145/
    drwxr-x---   2 nobody nobody  4096 Dec 18 01:50 20171218-0150/
    drwxr-x---   2 nobody nobody  4096 Dec 18 01:51 20171218-0151/
    drwxr-x---   2 nobody nobody  4096 Dec 18 01:55 20171218-0155/
    [shortened]
    drwxr-x---   2 nobody nobody  4096 Dec 18 16:30 20171218-1630/
    drwxr-x---   2 nobody nobody  4096 Dec 18 16:34 20171218-1634/
    drwxr-x---   2 nobody nobody  4096 Dec 18 16:35 20171218-1635/
    drwxr-x---   2 nobody nobody  4096 Dec 18 16:40 20171218-1640/
    drwxr-x---   2 nobody nobody  4096 Dec 18 16:45 20171218-1645/
    root@crz01 [/usr/local/apache/logs/modsec_audit/nobody/20171218]# cd 20171218-1645/
    root@crz01 [/usr/local/apache/logs/modsec_audit/nobody/20171218/20171218-1645]# ls -al
    total 20
    drwxr-x---   2 nobody nobody  4096 Dec 18 16:45 ./
    drwxr-x--- 287 nobody nobody 12288 Dec 18 16:45 ../
    -rw-r-----   1 nobody nobody  2080 Dec 18 16:45 20171218-164501-Wjg23UpWraoAAAEufK0AAAAD
    root@crz01 [/usr/local/apache/logs/modsec_audit/nobody/20171218/20171218-1645]#
    
    
    etc...

    note that this is under the 'nobody' apache account. the end user account(s) don't seem to be having the issue.. (are rotated)
    it does that for every day in its dir.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,400
    Likes Received:
    1,953
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. PPNSteve

    PPNSteve Well-Known Member

    Joined:
    Mar 13, 2003
    Messages:
    409
    Likes Received:
    3
    Trophy Points:
    168
    Location:
    Somewhere in Ilex Forest
    cPanel Access Level:
    Root Administrator
    Twitter:
    Not sure.. getting a bunch of warnings when the pre-flight checks are run:
    /snag.gy/yP6nGK.jpg

    safe to ignore or ??
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #7 PPNSteve, Dec 19, 2017
    Last edited by a moderator: Dec 19, 2017
  8. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,400
    Likes Received:
    1,953
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Those are non-fatal errors, and are displayed to note a difference in the EA4 profile compared to the EA3 profile:

    SOLVED - Migrate EA3 to EA4 issues

    The primary notice I see relates to suPHP, as it is not compatible with the mpm_itk or the mod_ruid2 Apache module. Thus, the EasyApache 4 conversion script is letting you know it will not install suPHP since you are using Mod_Ruid2. You can review the following documents to determine which PHP handlers and MPM options are supported:

    Multi-Processing Modules - MPMs - EasyApache 4 - cPanel Documentation
    PHP Handlers - EasyApache 4 - cPanel Documentation

    Let us know of any additional questions.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. PPNSteve

    PPNSteve Well-Known Member

    Joined:
    Mar 13, 2003
    Messages:
    409
    Likes Received:
    3
    Trophy Points:
    168
    Location:
    Somewhere in Ilex Forest
    cPanel Access Level:
    Root Administrator
    Twitter:
    well looks like that server migrated just fine (so far) then again it's only hosting a single site.
    Will update if anything strange happens or if that inode / log issue returns.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    cPanelMichael likes this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice