Log files consuming excess amount of storage space in VMware Cloud Director 10.5 and 10.6
search cancel

Log files consuming excess amount of storage space in VMware Cloud Director 10.5 and 10.6

book

Article ID: 328001

calendar_today

Updated On: 05-22-2025

Products

VMware Cloud Director

Issue/Introduction

  • /var/log/messages not rotating on VMware Cloud Director (VCD) cells causing root  ("/") partition exhaustion.
  • Default /etc/logrotate.d/messages-and-auth configuration does not change /var/log/messages output file until to trigger /var/log/auth.log rotation.

Environment

VMware Cloud Director 10.x

Cause

This default /etc/logrotate.d/messages-and-auth configuration could not restart rsyslogd.service when only /var/log/messages was rotated.

Default:
/etc/logrotate.d/messages-and-auth

/var/log/messages {
        minsize 10M
        daily
        rotate 10
        compress
        delaycompress
        notifempty
}

/var/log/auth.log {
        minsize 10M
        daily
        rotate 10
        compress
        delaycompress
        notifempty
        postrotate
                /usr/bin/systemctl restart rsyslog.service
        endscript
}
 

In VCD 10.6 and later, auth log output destination has changed from /var/log/auth.log to /var/log/messages.

As a result, /var/log/auth.log will be no longer rotated and more likely to run out root ("/") partition due to this issue.

Resolution

Currently there is no resolution.

Workaround:

Edit /etc/logrotate.d/messages-and-auth file as follow:

Up to version 10.5.1.1

/var/log/messages {
        minsize 10M
        daily
        rotate 10
        compress
        delaycompress
        notifempty
        postrotate
                /usr/bin/systemctl restart rsyslog.service
        endscript
}

/var/log/auth.log {
        minsize 10M
        daily
        rotate 10
        compress
        delaycompress
        notifempty
        postrotate
                /usr/bin/systemctl restart rsyslog.service
        endscript
}

 

Version 10.6 and later

/var/log/messages {
        minsize 10M
        daily
        rotate 10
        compress
        delaycompress
        notifempty
        postrotate
                /usr/bin/systemctl restart rsyslog.service
        endscript
}

Note: Since VCD 10.6 and later, auth log output destination has changed from /var/log/auth.log to /var/log/messages. It no need to rotate /var/log/auth.log.

 

After these changes are made restart rsyslog.service running the command below:

systemctl restart rsyslog

 

Additional Information

If above log rotation policy does not meet the requirements of the service provider file retention policy, make changes to the following parameters: 

minsize <size>

Log files are rotated when they grow larger than the specified size but not before the specified time interval.

rotate <number>

Indicates how many times to rotate before deleting a file.

Subscribe to this knowledge article to get updates on this issue

Powered by Wolken Software