8 Replies Latest reply on Sep 18, 2012 6:29 AM by mathew.d.hailey

    CC 5.2.1 logs

      Hi,

       

      We are regularly fighting disk space issues of the / partition in Control Center.  At the moment, even though we have the log retention set to 5 days (Control Center -> Logs -> Server Logs -> Settings), catalina.yyyy-mm-dd.log and localhost_access_log.yyyy-mm-dd.txt files are not being cleared at all.  How can I fix this?  Will there ever be a solution that would allow me to move a significant part of the data (such as SW_Updates) to /opt/security/var which has 210 GB free?

       

      (I have deleted all 8.1.* updates so I have some space for a little while)

       

      Thanks.

       

      $ ls -al /usr/local/tomcat/logs

      total 323328

      drwxrwx---   2 tomcat tomcat    8192 May 23 14:36 .

      drwxrwx---  13 tomcat tomcat    4096 Dec 13 15:47 ..

      -rw-rw-r--   1 tomcat tomcat       0 Feb  7 11:24 admin.2012-02-07.log

      -rw-rw-r--   1 tomcat tomcat       0 Mar 27 16:24 admin.2012-03-27.log

      -rw-rw-r--   1 tomcat tomcat       0 May 23 11:39 admin.2012-05-23.log

      -rw-rw-r--   1 tomcat tomcat 6500503 Apr 20 23:59 catalina.2012-04-20.log

      -rw-rw-r--   1 tomcat tomcat 6660726 Apr 21 23:59 catalina.2012-04-21.log

      -rw-rw-r--   1 tomcat tomcat 6666047 Apr 22 23:59 catalina.2012-04-22.log

      -rw-rw-r--   1 tomcat tomcat 6660125 Apr 23 23:59 catalina.2012-04-23.log

      -rw-rw-r--   1 tomcat tomcat 6665130 Apr 24 23:59 catalina.2012-04-24.log

      -rw-rw-r--   1 tomcat tomcat 6662306 Apr 25 23:59 catalina.2012-04-25.log

      -rw-rw-r--   1 tomcat tomcat 6650658 Apr 26 23:59 catalina.2012-04-26.log

      -rw-rw-r--   1 tomcat tomcat 6693380 Apr 27 23:59 catalina.2012-04-27.log

      -rw-rw-r--   1 tomcat tomcat 6659961 Apr 28 23:59 catalina.2012-04-28.log

      -rw-rw-r--   1 tomcat tomcat 6640515 Apr 29 23:59 catalina.2012-04-29.log

      -rw-rw-r--   1 tomcat tomcat 6629181 Apr 30 23:59 catalina.2012-04-30.log

      -rw-rw-r--   1 tomcat tomcat 6526719 May  1 23:59 catalina.2012-05-01.log

      -rw-rw-r--   1 tomcat tomcat 6532408 May  2 23:59 catalina.2012-05-02.log

      -rw-rw-r--   1 tomcat tomcat 6526215 May  3 23:59 catalina.2012-05-03.log

      -rw-rw-r--   1 tomcat tomcat 6529998 May  4 23:59 catalina.2012-05-04.log

      -rw-rw-r--   1 tomcat tomcat 6508438 May  5 23:59 catalina.2012-05-05.log

      -rw-rw-r--   1 tomcat tomcat 6524565 May  6 23:59 catalina.2012-05-06.log

      -rw-rw-r--   1 tomcat tomcat 6551887 May  7 23:59 catalina.2012-05-07.log

      -rw-rw-r--   1 tomcat tomcat 6525733 May  8 23:59 catalina.2012-05-08.log

      -rw-rw-r--   1 tomcat tomcat 6521817 May  9 23:59 catalina.2012-05-09.log

      -rw-rw-r--   1 tomcat tomcat 6491447 May 10 23:59 catalina.2012-05-10.log

      -rw-rw-r--   1 tomcat tomcat 6497646 May 11 23:59 catalina.2012-05-11.log

      -rw-rw-r--   1 tomcat tomcat 6482581 May 12 23:59 catalina.2012-05-12.log

      -rw-rw-r--   1 tomcat tomcat 6501137 May 13 23:59 catalina.2012-05-13.log

      -rw-rw-r--   1 tomcat tomcat 6499021 May 14 23:59 catalina.2012-05-14.log

      -rw-rw-r--   1 tomcat tomcat 6502643 May 15 23:59 catalina.2012-05-15.log

      -rw-rw-r--   1 tomcat tomcat 6630498 May 16 23:59 catalina.2012-05-16.log

      -rw-rw-r--   1 tomcat tomcat 6707705 May 17 23:59 catalina.2012-05-17.log

      -rw-rw-r--   1 tomcat tomcat 6693021 May 18 23:59 catalina.2012-05-18.log

      -rw-rw-r--   1 tomcat tomcat 6710685 May 19 23:59 catalina.2012-05-19.log

      -rw-rw-r--   1 tomcat tomcat 1835981 May 20 23:59 catalina.2012-05-20.log

      -rw-rw-r--   1 tomcat tomcat 1398501 May 21 23:59 catalina.2012-05-21.log

      -rw-rw-r--   1 tomcat tomcat 1402122 May 22 23:59 catalina.2012-05-22.log

      -rw-rw-r--   1 tomcat tomcat 2394043 May 23 17:32 catalina.2012-05-23.log

      -rw-r-----   1 tomcat tomcat  937232 May 23 17:16 catalina.out

      -rw-r-----   1 tomcat tomcat   19313 Feb 17 00:20 catalina.out.1.gz

      -rw-r-----   1 tomcat tomcat   13822 Jan 25 00:20 catalina.out.2.gz

      -rw-rw-r--   1 tomcat tomcat 1712087 May 23 17:32 cc_log0.0.txt

      -rw-rw-r--   1 tomcat tomcat       0 May 23 11:39 cc_log0.0.txt.lck

      -rw-rw-r--   1 tomcat tomcat 4029954 May 23 11:36 cc_log0.1.txt

      -rw-rw-r--   1 tomcat tomcat 5242918 May 20 14:33 cc_log0.2.txt

      -rw-rw-r--   1 tomcat tomcat 5243006 May 19 09:50 cc_log0.3.txt

      -rw-rw-r--   1 tomcat tomcat 5242934 May 18 15:04 cc_log0.4.txt

      -rw-rw-r--   1 tomcat tomcat  997036 May 23 17:32 crypto_log0.0.txt

      -rw-r-----   1 tomcat tomcat       0 May 23 11:39 crypto_log0.0.txt.lck

      -rw-rw-r--   1 tomcat tomcat 1048653 May 23 14:36 crypto_log0.1.txt

      -rw-rw-r--   1 tomcat tomcat  803325 May 20 05:40 crypto_log0.2.txt

      -rw-rw-r--   1 tomcat tomcat 1048643 May 19 23:55 crypto_log0.3.txt

      -rw-rw-r--   1 tomcat tomcat 1048777 May 19 20:50 crypto_log0.4.txt

      -rw-rw-r--   1 tomcat tomcat 1048775 May 19 17:50 crypto_log0.5.txt

      -rw-rw-r--   1 tomcat tomcat 1048696 May 19 14:45 crypto_log0.6.txt

      -rw-rw-r--   1 tomcat tomcat 1048616 May 19 11:45 crypto_log0.7.txt

      -rw-rw-r--   1 tomcat tomcat 1048785 May 19 08:40 crypto_log0.8.txt

      -rw-rw-r--   1 tomcat tomcat 1048766 May 19 05:41 crypto_log0.9.txt

      -rw-r-----   1 tomcat tomcat      20 May 23 11:39 fips_certgen_tc.log

      -rw-r-----   1 tomcat tomcat  104402 Jan  6  2010 fwmgr_log0.0.txt

      -rw-rw-r--   1 tomcat tomcat       0 Feb  7 11:24 host-manager.2012-02-07.log

      -rw-rw-r--   1 tomcat tomcat       0 Mar 27 16:24 host-manager.2012-03-27.log

      -rw-rw-r--   1 tomcat tomcat       0 May 23 11:39 host-manager.2012-05-23.log

      -rw-rw-r--   1 tomcat tomcat       0 Feb  7 11:24 localhost.2012-02-07.log

      -rw-rw-r--   1 tomcat tomcat       0 Mar 27 16:24 localhost.2012-03-27.log

      -rw-rw-r--   1 tomcat tomcat       0 May 23 11:39 localhost.2012-05-23.log

      -rw-rw-r--   1 tomcat tomcat 3172604 Apr 22 23:59 localhost_access_log.2012-04-22.txt

      -rw-rw-r--   1 tomcat tomcat 3362706 Apr 23 23:59 localhost_access_log.2012-04-23.txt

      -rw-rw-r--   1 tomcat tomcat 3369264 Apr 24 23:59 localhost_access_log.2012-04-24.txt

      -rw-rw-r--   1 tomcat tomcat 3172957 Apr 25 23:59 localhost_access_log.2012-04-25.txt

      -rw-rw-r--   1 tomcat tomcat 3163316 Apr 26 23:59 localhost_access_log.2012-04-26.txt

      -rw-rw-r--   1 tomcat tomcat 3345827 Apr 27 23:59 localhost_access_log.2012-04-27.txt

      -rw-rw-r--   1 tomcat tomcat 3172861 Apr 28 23:59 localhost_access_log.2012-04-28.txt

      -rw-rw-r--   1 tomcat tomcat 3161862 Apr 29 23:59 localhost_access_log.2012-04-29.txt

      -rw-rw-r--   1 tomcat tomcat 3430226 Apr 30 23:59 localhost_access_log.2012-04-30.txt

      -rw-rw-r--   1 tomcat tomcat 3339052 May  1 23:59 localhost_access_log.2012-05-01.txt

      -rw-rw-r--   1 tomcat tomcat 3404386 May  2 23:59 localhost_access_log.2012-05-02.txt

      -rw-rw-r--   1 tomcat tomcat 3172783 May  3 23:59 localhost_access_log.2012-05-03.txt

      -rw-rw-r--   1 tomcat tomcat 3333659 May  4 23:59 localhost_access_log.2012-05-04.txt

      -rw-rw-r--   1 tomcat tomcat 3162964 May  5 23:59 localhost_access_log.2012-05-05.txt

      -rw-rw-r--   1 tomcat tomcat 3173988 May  6 23:59 localhost_access_log.2012-05-06.txt

      -rw-rw-r--   1 tomcat tomcat 3446240 May  7 23:59 localhost_access_log.2012-05-07.txt

      -rw-rw-r--   1 tomcat tomcat 3343648 May  8 23:59 localhost_access_log.2012-05-08.txt

      -rw-rw-r--   1 tomcat tomcat 3402924 May  9 23:59 localhost_access_log.2012-05-09.txt

      -rw-rw-r--   1 tomcat tomcat 3133641 May 10 23:59 localhost_access_log.2012-05-10.txt

      -rw-rw-r--   1 tomcat tomcat 3136687 May 11 23:59 localhost_access_log.2012-05-11.txt

      -rw-rw-r--   1 tomcat tomcat 3120020 May 12 23:59 localhost_access_log.2012-05-12.txt

      -rw-rw-r--   1 tomcat tomcat 3134575 May 13 23:59 localhost_access_log.2012-05-13.txt

      -rw-rw-r--   1 tomcat tomcat 3213033 May 14 23:59 localhost_access_log.2012-05-14.txt

      -rw-rw-r--   1 tomcat tomcat 3350080 May 15 23:59 localhost_access_log.2012-05-15.txt

      -rw-rw-r--   1 tomcat tomcat 3525164 May 16 23:59 localhost_access_log.2012-05-16.txt

      -rw-rw-r--   1 tomcat tomcat 3409797 May 17 23:59 localhost_access_log.2012-05-17.txt

      -rw-rw-r--   1 tomcat tomcat 3393464 May 18 23:59 localhost_access_log.2012-05-18.txt

      -rw-rw-r--   1 tomcat tomcat 3169239 May 19 23:59 localhost_access_log.2012-05-19.txt

      -rw-rw-r--   1 tomcat tomcat  297084 May 20 08:26 localhost_access_log.2012-05-20.txt

      -rw-rw-r--   1 tomcat tomcat  941955 May 23 17:32 localhost_access_log.2012-05-23.txt

      -rw-r-----   1 tomcat tomcat     127 May 23 00:20 logrotate.status

      -rw-r-----   1 tomcat tomcat     298 Dec 13 15:47 makejavaca.log

      -rw-rw-r--   1 tomcat tomcat       0 Feb  7 11:24 manager.2012-02-07.log

      -rw-rw-r--   1 tomcat tomcat       0 Mar 27 16:24 manager.2012-03-27.log

      -rw-rw-r--   1 tomcat tomcat       0 May 23 11:39 manager.2012-05-23.log

        • 1. Re: CC 5.2.1 logs
          sliedl

          I will PM you something you can try until we can get a KB written for it.

          • 3. Re: CC 5.2.1 logs
            mathew.d.hailey

            This link takes me to some Inquira page i cannot access (even though i am a communities member..... )   is there a better link?

             

            Also tried looking it up by the KB referenced in the link...... no dice. 

             

            Mat

            • 4. Re: CC 5.2.1 logs
              sliedl

              Here is the text of the KB article:

               

              Firewall Enterprise Control Center - How to use a Symbolic Link for Control Center Upgrades

               

              Corporate KnowledgeBase ID:  KB73530
              Version:  2.0
              Status:  Published
              Created:  November 30, 2011
              Last Modified:  April 09, 2012

               

              Environment

              McAfee Firewall Enterprise Control Center 5.2.1

              Summary

              To reduce the amount of disk space required on the root file system to upgrade from version 5.2.0 to version 5.2.1, the administrator might choose to create a symbolic link for the upgrades directory. Creating a symbolic link allows the upgrade package to reside on a non-root file system, reducing the amount of free space required on the root file system from 226 MB to 106 MB.

               

              Solution

              To create the symbolic link
              The existing contents of the updates directory will be moved to the new directory on a non-root file system. After you have completed the following procedure, you can install the 5.2.1 upgrade from the Control Center Client application in the usual way.

              NOTE: To handle the varying RSBAC levels of the files that you are moving, you must complete some of the following steps as the secoff user.

              1. Login as the mgradmin user.
              2. Enable the secoff user:
                1. su – sso
                2. Type your SSO password.
                3. /usr/sbin/cg_usermod –s /bin/bash –p <password> secoff
                4. Exit.
              3. Move updates directory to non-root file system:
                1. su secoff
                2. Type your secoff password.
                3. cd /usr/local/tomcat/webapps/cm/WEB-INF
                4. mac_set –f updates SYS_PUBLIC
                5. mv updates /opt/security/var/gccserver
              4. Set RSBAC on directory:
                1. mac_set –f /opt/security/var/gccserver/updates ADMIN
                2. Exit.
              5. Create symlink:
                1. cd /usr/local/tomcat/webapps/cm/WEB-INF
                2. ln –s /opt/security/var/gccserver/updates updates
              6. Lock secoff user:
                1. su – sso
                2. Type your SSO password.
                3. /usr/sbin/cg_usermod –L secoff
                4. Exit.

              • 5. Re: CC 5.2.1 logs
                mathew.d.hailey

                Thank you very much!

                 

                Essentially im moving the firewall updates to another partition?  

                 

                What if i have the catalina files piling up? 

                 

                Mat

                • 6. Re: CC 5.2.1 logs
                  sliedl

                  You can remove catalina files as the mgradmin user by using the rm command.

                   

                  $> cd /usr/local/tomcat/logs/

                  $> rm catalina.2012-07*

                  will remove the catalina files from July, for example.

                  • 7. Re: CC 5.2.1 logs

                    Is there a way to automate the removal of the catalina logs?  I could write a script and set up a cron job but there must be a proper way to do it.

                    • 8. Re: CC 5.2.1 logs
                      mathew.d.hailey

                      Sliedl...... THANK YOU!!!! 

                       

                      rdk......  agreed.  These logs constantly pile up for me.  The system should have an automated way of cleaning these up!!!   Maybe 5.2.2 will have a patch for this?   (please mcafee?)