Search for the largest files in /var/log on Security Analytics

Article ID: 169408

Products

Security Analytics

Issue/Introduction

This article explains how to find the 30 largest files in /var/log so that you can free up disk space.

Resolution

You can run the following command to display the 30 largest files in the /var/log directory.

# find /var/log -type f -printf '%s %p\n' | sort -nr | head --lines=30

Sample of the output:

[[email protected] ~]# find /var/log -type f -printf '%s %p\n'| sort -nr | head --lines=30
452239770 /var/log/audit/audit.log
113188328 /var/log/audit/audit.log.1.gz
102283392 /var/log/wtmp
76669440 /var/log/wtmp-20170401
76211967 /var/log/messages
71288430 /var/log/audit/audit.log.9.gz
47182051 /var/log/audit/audit.log.5.gz
37518164 /var/log/audit/audit.log.8.gz
37024594 /var/log/audit/audit.log.7.gz
35347363 /var/log/secure
34402511 /var/log/audit/audit.log.6.gz
33840821 /var/log/pgbouncer.log
32803501 /var/log/audit/audit.log.4.gz
32249907 /var/log/audit/audit.log.2.gz
31268739 /var/log/audit/audit.log.10.gz
27081556 /var/log/csr-history/ps_e
26518484 /var/log/audit/audit.log.3.gz
26096943 /var/log/cron
25182948 /var/log/prelert/engine_api/jetty_access.log.2017_03_26
24657173 /var/log/prelert/engine_api/jetty_access.log.2017_03_25
16378356 /var/log/prelert/engine_api/jetty_access.log.2017_03_27
15122705 /var/log/prelert/engine_api/jetty_access.log.2017_03_24
14377794 /var/log/prelert/engine_api/jetty_access.log.2017_03_23
5597867 /var/log/httpd/ssl_request_log
3774175 /var/log/csr-history/ps_e-20170407.gz
3756562 /var/log/csr-history/ps_e-20170412.gz
3752385 /var/log/csr-history/ps_e-20170411.gz
3750881 /var/log/csr-history/ps_e-20170410.gz
3741579 /var/log/csr-history/ps_e-20170409.gz
3735180 /var/log/csr-history/ps_e-20170408.gz

Note: For earlier versions, you can use the following command instead:

# find /var/log -type f -printf '%s %p\n' | sort -nr | head -30

Be very careful when deleting these files. You should consult with a member of support before blindly deleting files.
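
The sample output above is dominated by a few log families (audit, prelert, csr-history), so a per-directory total is often more useful than a flat file list. The script below is an added example, not part of the original article: it wraps the article's pipeline in a function and adds that per-directory summary. The function names `largest_files` and `usage_by_dir` and the use of `-xdev` are choices made here; it assumes GNU find and paths that contain no newlines.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes GNU find (-printf).

# largest_files ROOT [N]
# The article's pipeline as a function. -xdev keeps find on ROOT's own
# filesystem, so a separate mount below ROOT is not counted against it.
largest_files() {
    find "${1:-/var/log}" -xdev -type f -printf '%s %p\n' 2>/dev/null |
        sort -nr | head -n "${2:-30}"
}

# usage_by_dir ROOT [N]
# Prints "<total bytes> <file count> <directory>" for each directory that
# directly contains files, largest total first. %h is the file's directory.
usage_by_dir() {
    find "${1:-/var/log}" -xdev -type f -printf '%s %h\n' 2>/dev/null |
        awk '{
                 size = $1
                 sub(/^[0-9]+ /, "")      # $0 is now the directory path
                 bytes[$0] += size
                 files[$0]++
             }
             END {
                 for (d in bytes)
                     printf "%.0f %d %s\n", bytes[d], files[d], d
             }' |
        sort -nr | head -n "${2:-10}"
}

# Typical use on the appliance (read-only, nothing is deleted):
#   usage_by_dir /var/log 5
#   largest_files /var/log/audit 10
```

Both functions only read file metadata, so they can be run before deciding with support which files may be removed.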