
Filesystem containing "/home" directory fills up on Security Analytics Central Manager


Article ID: 168408


Security Analytics




The /home filesystem can fill up on a Central Manager in some scenarios.

One cause of this is that exported PCAPs and associated zip files are not deleted from /home/apache/pcaps.

This can be diagnosed by running the command "du -skh /home/apache/*" as a user with root privileges to determine if the /home/apache/pcaps folder is taking up all of the filesystem space.

In versions of Security Analytics 7.x prior to v7.1.5, and in the 6.x branch prior to 6.6.11, Central Manager PCAP and zip files in /home/apache/pcaps (from PCAP exports) may not be deleted properly after they are downloaded. Over time, this issue can fill up the filesystem.


This issue is resolved in Security Analytics v6.6.11 and 7.1.5 and later releases. These releases add a 72-hour PCAP cleanup shell script, and audit log messages that are written if the home partition is filling up.


To remove PCAP and zip files in that directory manually, log in via SSH or at the console as a user with root privileges and run the following command:
# find /home/apache/pcaps/ -regextype posix-egrep -mtime +3 -iregex "(.*\.zip|.*\.pcap)$" -exec rm -f {} \;

This command will delete PCAP and zip files which are more than 72 hours old from /home/apache/pcaps/.
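
The following script is an added example, not vendor code: it wraps the same cleanup in a report-first workflow, so the files and reclaimable space can be reviewed before anything is deleted. The function names, the PCAP_DIR and MAX_AGE_MIN variables, and the report/purge arguments are assumptions made for this example, and GNU find is assumed.

```shell
#!/bin/sh
# Added example (not vendor code): review, then purge, stale PCAP exports.
# Default path is the one named in the article; override PCAP_DIR to test.
PCAP_DIR="${PCAP_DIR:-/home/apache/pcaps}"
# 72 hours in minutes. -mmin is exact; find rounds -mtime ages down to whole
# days, so "-mtime +3" only matches files that are at least 4 days old.
MAX_AGE_MIN="${MAX_AGE_MIN:-4320}"

# Run find with the shared match criteria plus the action passed by the caller.
# -xdev stays on one filesystem; -type f matches regular files only, so a
# directory or symlink named *.zip is never touched.
_find_stale() {
    dir=$1; age=$2; shift 2
    find "$dir" -xdev -type f -mmin "+$age" \
        \( -iname '*.pcap' -o -iname '*.zip' \) "$@"
}

# Dry run: list the files that would be deleted.
list_stale_exports() { _find_stale "$1" "$2" -print; }

# Total size of those files in KiB (prints 0 when nothing matches).
stale_kib() {
    _find_stale "$1" "$2" -exec du -k {} + | awk '{ s += $1 } END { print s + 0 }'
}

# Delete matching files; print how many were actually removed
# (-print only fires when rm succeeded for that file).
purge_stale_exports() {
    n=$(_find_stale "$1" "$2" -exec rm -f -- {} \; -print | wc -l)
    echo "$((n))"
}

# Usage: script.sh report | purge   (with no argument, nothing is executed)
case "${1:-}" in
    report)
        df -h "$PCAP_DIR"
        echo "Reclaimable: $(stale_kib "$PCAP_DIR" "$MAX_AGE_MIN") KiB"
        list_stale_exports "$PCAP_DIR" "$MAX_AGE_MIN" ;;
    purge)
        echo "Removed $(purge_stale_exports "$PCAP_DIR" "$MAX_AGE_MIN") file(s)" ;;
esac
```

Run it with the report argument first, as a user with root privileges, and run purge only after confirming the listed files are exports that are no longer needed.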