Partition /var/log is full (100% usage) in Endpoint Detection and Response

Article ID: 387192

Products

Endpoint Detection and Response

Issue/Introduction

Partition /var/log is full (100% usage) in Symantec Endpoint Detection and Response (EDR).

Environment

SEDR 4.8, 4.9.x, 4.10, 4.12

Cause

A log file fills with excessive statements, which causes the /var/log partition to become full.

Resolution

This issue is fixed in EDR 4.11.

For EDR builds 4.8 to 4.10, install atp-patch-generic-4.8_4.9_4.10-1 as follows to fix it:

  • To confirm the patch is available: patch list or patch list -v atp-patch-generic-4.8_4.9_4.10-1
  • To download: patch download atp-patch-generic-4.8_4.9_4.10-1
  • To install: patch install atp-patch-generic-4.8_4.9_4.10-1

Note: The issue is also seen in upgrade scenarios from the 4.10 Restore/Upgrade ISO to EDR 4.12. In that case, atp-patch3-generic-4.10.0_4.11.0_4.12.0-1 can be installed to fix it.
