/var is 80% full due to /var/log/btmp

discovery

Active Member
Nov 11, 2008
28
0
51
I have this problem with /var getting full

now I have /var at 80% and the problem is /var/log/btmp file which is taking 1,5G from 2,5G

can I safely delete this file? guess not.

any way to safely empty the file?

I have the rotate logs activated and all other log are rotated nicely.
Any way to rotate this one too? I think it will be safer to rotate it first and then delete the rotated file.

Thank you.
 

check45

Registered
Dec 19, 2008
3
0
51
Hello,

The btmp log keeps track of failed login attempts.
you can check the logs using command
last -f /var/log/btmp
in this logs you can see ip address from which particular action is taken.

if this file occupies more space on server then you can flush it with following command.

#echo > /var/log/btmp
 

Indianets

Well-Known Member
PartnerNOC
Jun 13, 2008
69
0
56
cPanel Access Level
Root Administrator
Hello,

Once you have got into this trouble, the best way is to move /var/log to your another drive or disk (disk is better IMO) to avoid any such frustration in future.

I had similar issues and I regretted on having default /var partition size of my DC. I believe cPanel should warn for small /var size as it stores mysql and log.

You can rsync the log dir to /backup/varlog or similar and then symlink /var/log to /backup/varlog provided /backup is a separate disk. You can stop worrying about /var filled up after this :)

Anyone has a better resolution, I would love to know as well.

Thanks,
Vijay