PowerPath Management Appliance audit log increases leading to root filesystem going to over 90% full

           

   Article Number:     537576                                   Article Version: 2     Article Type:    Break Fix 
   

 


Product:

 

PowerPath Management Appliance,PowerPath Management Appliance 2.5

 

Issue:

 

 

The PowerPath Management Appliance is experiencing root filesystem full conditions.   
    We can see from 'df -k' the following:   
   
    testbox1:/ # df -k   
   
    Filesystem Type 1K-blocks Used Available Use% Mounted on   
    devtmpfs devtmpfs 2015060 0 2015060     0% /dev   
    tmpfs tmpfs 2022824 0 2022824         0% /dev/shm   
    tmpfs tmpfs 2022824 205628 1817196     11% /run       
    tmpfs tmpfs 2022824 0 2022824         0% /sys/fs/cgroup   
    /dev/mapper/systemVG-LVRoot ext3 13875120 11799112 1364536     90% /   
    tmpfs tmpfs 2022824 44404 1978420     3% /tmp   
    /dev/sda3 ext3 222988 93274 117990     45% /boot   
    /dev/sda2 vfat 204584 800 203784     1% /boot/efi   
    tmpfs tmpfs 404568 0 404568         0% /run/user/0   
   
   
    On further investigation, we can see in this instance that the Audit log (/var/log/audit) is over 6GB in size.   
    The customer deleted the Audit log but noted several days later that the log had again incremented in size and root filesystem was again over 90% full.
                                                           

 

 

Cause:

 

 

This condition is related to a known issue during upgrades of SLES 12.X to SLES 12 SP3 (i.e an upgrade of the PowerPath Management Appliance to version 2.5).   
    The following SuSE article deals with this:   
   
    https://www.suse.com/releasenotes/x86_64/SUSE-SLES/12-SP3/#fate-322037   
   
    The logrotate demon will be stopped post upgrade from SLES 12 .X to SLES 12 SP3.  Because of this the audit log will not be rotated.   
     
                                                           

 

 

Change:

 

 

Upgrade of PowerPath Management Appliance from version 2.4 to 2.5.                                                           

 

 

Resolution:

 

 

Run the following commands to restart the relevant daemon and ensure that logrotate functions correctly:   
   
   
    # systemctl status logrotate.timer ​​​​     (confirm status of logrotate daemon)   
   
    #systemctl enable logrotate.timer     
      #systemctl restart logrotate.timer
   
   
    # systemctl status logrotate.timer