I'm using MWG v7.4. /Opt/mwg/temp folder is full, I did using CLI "service mwg restart" to remove it. But I see this folder grows so fast. In 3 hours, this folder is full (22GB) again.
Please help me this case.
3 quick thoughts on options:
Rule tracinig is enabled
Connection Tracing is enabled
The gateway creates corefile constantly.
Check if you have rule tracing enabled per a rule.
Check if connection tracing is enabled under Configuration > Troubleshooting
Check as part of Troubleshooting > Logs if you see many cores.
you are using a VM and the disk too small <200GB.
Thanks you for your help.
Rule tracinig is enabled => no
Connection Tracing is enabled => no
I did reboot MWG but the issue still not solve.
i'm using a VM and the disk > 400GB.
Pls help me .
If you traverse to that directory and pull a directory listing what's there?
I'm curious about the date and size of the temp files.
Same problem here, we get files called mwg-core_tempfile in /opt/mwg/temp
-rw-r--r-- 1 mwg mwg 457362 Jun 30 13:02 mwg-core_tempfile1467284543-2346
-rw-r--r-- 1 mwg mwg 107507 Jun 30 13:16 mwg-core_tempfile1467285405-3513
-rw-r--r-- 1 mwg mwg 2632202 Jun 30 13:20 mwg-core_tempfile1467285651-3773
-rw-r--r-- 1 mwg mwg 66434 Jun 30 13:26 mwg-core_tempfile1467286007-4055
-rw-r--r-- 1 mwg mwg 637987 Jun 30 13:35 mwg-core_tempfile1467286535-4927
Those files are never older than 1 hour. Looks good so far.
But since 2 days we are encountering the problem that there's one file that keeps growing until the partition is full and the appliance stops working. That happened at a filesize of about 25GB last time.
It happened 3 times now. Fortunately only one gateway in the cluster is affected at a time.
Our first thought is a download of a very big file by the user that causes the problem. Can anybody confirm that downloads are stored in /opt/mwg/temp in order to get scanned for viruses? Or are we heading the wrong direction?
We are skipping anti virus on large files in the ruleset but maybe the webserver does not report the size of the file at the beginning of the download.
we saw the same yesterday at a customer where the TMP partition was 40GB in Size. Therefore we executed the mwg-cache-wizard tool and changed to the alternate disk schema.
After a reboot files with almost approx. 60GB where stored in this partition.
- There is no tracing active
- The LOG Files are removed
But regardless, with less user traffic, there are approx. 60GB stored in the TMP directory (info on the MWG GUI)
We did no further analysis, because now, with the changed partition schema anything is fine. :-)