
RHEL7 under /var has a nailsd.db file that size of 1.4 GB


 

Hello, recently McAfee was upgraded on a RHEL 7 VM and I've noticed that there is a nailsd.db file that is 1.4 GB in size under /var/opt/NAI/LinuxShield/etc/

 

[root@hostname ~]# ls -lh /var/opt/NAI/LinuxShield/etc
total 1.4G
-rw-r--r--. 1 root root 0 Feb 19 10:44 ExclusionFile
-rw-rw----. 1 root nailsgroup 1.4K Nov 8 12:00 monitor.cfg
-rw-r-----. 1 root root 14K Nov 8 12:08 nailsd.cfg
-rw-rw----. 1 root nailsgroup 1.4G Feb 19 14:33 nailsd.db
-rw-r-----. 1 root nailsgroup 5.3K Nov 8 12:00 ods.cfg

 

This large file is consuming most of the space of /var and logs can't be written.   

 

Why is this file so big?  

 

Is there something else going on here that I don't know about as to why this file is so big?


Is there anything that I can do about this?  

 

I found this URL about re-creating the nailsd.db file, 

 

https://kc.mcafee.com/corporate/index?page=content&id=KB81917&actp=null&locale=en_US&viewlocale=en_U...

 

Would this apply to this situation? 

 

Also my McAfee team is remote and they are hard to get ahold of and get answers from. 

 

thanks

 

 


7 Replies
McAfee Employee chealey
Message 2 of 8

Re: RHEL7 under /var has a nailsd.db file that size of 1.4 GB


You may want to look at KB81917

I've seen this in the past where there has not been enough disk space present. Also there is a setting within the extension you may want to check called max Log Age - you might want to consider making this max age smaller depending on how big it is.

Are you seeing a lot of events for this system reported in ePO?

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

Re: RHEL7 under /var has a nailsd.db file that size of 1.4 GB


 

So all of our McAfee management is done by another team remotely, so I don't have access to the ePO.  It also makes troubleshooting hard as they primarily do Windows and don't have a solid understanding of Linux.  

What do you mean there is a setting in the extension and something called Log Age and max age?  Not familiar with either one.

I ran nails dump --verbose and there were a lot of error messages and the file was 1.54 GB in size, however those error messages are pointing to the /var partition being full.

 

 

 

McAfee Employee chealey
Message 4 of 8

Re: RHEL7 under /var has a nailsd.db file that size of 1.4 GB


If /var/ was full then that would most certainly be a problem. The option I was referencing is in the general settings, there is an option under "logging" for "Limit age of log entries". This will clear out some of the events stored locally. But if that directory is full then this would need to be cleared to allow the db file to clear out.


Re: RHEL7 under /var has a nailsd.db file that size of 1.4 GB


 

 

I went ahead and followed the following: 

 

https://kc.mcafee.com/corporate/index?page=content&id=KB81917&actp=null&locale=en_US&viewlocale=en_U...

 

Seems to have worked so far as the size of the new nailsd.db is only 28K, on this RHEL 7 VM.  

 

I looked at another RHEL 6 VM and the size of the nailsd.db is around 806K.

 

Do we know a typical size for this file? 

 

thanks

 

McAfee Employee chealey
Message 6 of 8

Re: RHEL7 under /var has a nailsd.db file that size of 1.4 GB


The database file contains various information and config settings so there is no benchmark we could give you as to how big it should be. Even things like events will be stored there so a system which generates a lot of events would have a bigger db size than others.


Re: RHEL7 under /var has a nailsd.db file that size of 1.4 GB


 

That KB fix seems to have fixed the issue for right now.  I will continue to monitor the size of the .db file as time moves forward.

 

Thanks for the help with this as I'm not a McAfee expert with RHEL, however always willing to roll up my sleeves here. 

 

thanks
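
The plan above to keep watching the .db file can be scripted. The following is an added example, not part of the original thread and not McAfee tooling: a POSIX shell check that warns when nailsd.db or the filesystem holding it crosses a threshold. The thresholds, the function names, the `--run` switch and the `nailsd-db-check` syslog tag are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code): warn before nailsd.db fills /var again.
# Thresholds and function names are assumptions; tune them per host.
DB_PATH="${DB_PATH:-/var/opt/NAI/LinuxShield/etc/nailsd.db}"  # path from the thread
MAX_DB_MB="${MAX_DB_MB:-200}"    # assumed limit for the db file, in MiB
MAX_FS_PCT="${MAX_FS_PCT:-85}"   # assumed limit for filesystem use, in percent

# Print the size of file $1 in whole MiB (rounded down); return 2 if missing.
# ls -ln needs no read permission on the file itself (it is mode 0660).
db_size_mb() {
    [ -f "$1" ] || return 2
    _bytes=$(ls -ln "$1" | awk '{ print $5 }')
    echo $(( _bytes / 1048576 ))
}

# Print the used percentage (digits only) of the filesystem holding $1.
fs_used_pct() {
    df -P "$1" | awk 'NR == 2 { sub(/%/, "", $5); print $5 }'
}

# Return 0 if healthy, 1 if a threshold is exceeded, 2 if the db is missing.
check_nailsd_db() {
    _db=$1; _max_mb=$2; _max_pct=$3; _rc=0
    _size=$(db_size_mb "$_db") || { echo "UNKNOWN: cannot find $_db"; return 2; }
    _pct=$(fs_used_pct "$_db")
    if [ "$_size" -gt "$_max_mb" ]; then
        echo "WARN: $_db is ${_size} MiB (limit ${_max_mb} MiB)"; _rc=1
    fi
    if [ "$_pct" -gt "$_max_pct" ]; then
        echo "WARN: filesystem of $_db is ${_pct}% used (limit ${_max_pct}%)"; _rc=1
    fi
    if [ "$_rc" -eq 0 ]; then
        echo "OK: $_db ${_size} MiB, filesystem ${_pct}% used"
    fi
    return "$_rc"
}

# With --run (e.g. from cron): print the result and send warnings to syslog.
if [ "${1:-}" = "--run" ]; then
    out=$(check_nailsd_db "$DB_PATH" "$MAX_DB_MB" "$MAX_FS_PCT") && rc=0 || rc=$?
    echo "$out"
    if [ "$rc" -ne 0 ]; then
        logger -t nailsd-db-check -p user.warning "$out"
    fi
    exit "$rc"
fi
```

Exit status 1 marks a threshold breach and 2 a missing database file, so a cron wrapper or monitoring agent can act on the status alone.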

 

McAfee Employee jess_arman
Message 8 of 8

Re: RHEL7 under /var has a nailsd.db file that size of 1.4 GB


@19rellimcm37 This is variable based on your retention settings for events/information.
If you were to move to ENSL, it does not utilize this file, as its architecture is different, and would eliminate your need to monitor it/have space allocated for it.

 


 
