02-23-2012
Your "bdf" and your "du -sk" do not agree. There's about 4 Gigabytes difference. That's ignoring the fact that "du -sk" follows links and can be much higher than "bdf".
You should be using "du -skx" to stop "du" traversing into other filesystems.
If you have been deleting (not nulling) active logs you probably need a reboot.
Beware that some system logging processes stop working completely if you delete their logs. Be prepared to create an empty log with exactly the same permissions as before if you find that a logging process stops working.
10 More Discussions You Might Find Interesting
1. HP-UX
Can anyone tell me how would I troubleshoot when /var becomes full with inodes? This is on HP11.11 system. Where used is 92%, ifree is 1891 iuse is 88%. Thanks. (3 Replies)
Discussion started by: catwomen
3 Replies
2. UNIX for Dummies Questions & Answers
Hi Everyone,
I think I've filled up one of the partitions on my drive. I suspect that one of the applications I've been running has been spitting out junk files to this partition - most of which can be deleted. The problem is that I have no idea how to go look at what's on that partition and... (2 Replies)
Discussion started by: Choppy
2 Replies
3. AIX
What to do if /var filesystem in Aix is completely full ? (2 Replies)
Discussion started by: kkhan
2 Replies
4. Filesystems, Disks and Memory
Hi
If You were the systems administrator of a mail server that services approximately 3,000 users. 2,000
users access their email via a POP-3 service, while the remaining 1,000 users access their email via a
Unix mail reader. Recently users have complained about speed of disk access, so a new 10... (1 Reply)
Discussion started by: semaphore
1 Replies
5. BSD
I am currently running DesktopBSD as a live-CD and need to have a large /var partition because it is currently too small. I have a USB stick which is BSD formatted, and would like to have the /var partition moved over to it. How can this be done? Could I for instance use a symlink? (1 Reply)
Discussion started by: figaro
1 Replies
6. AIX
Hi,
Is there a way to clear the temp files from /var/tmp?
Is root access required to delete the files?
Thanks,
Narayan (2 Replies)
Discussion started by: narayanv
2 Replies
7. AIX
hi, im new in aix administration.. months ago, I received mails, everytime a cron was executed. but now, I don't receive these mails.. and the /var/spool/squeue, gets full frequently. i'd like to know more information about this, what can i do?? sendmail is up, because, I executed ps -ef |grep... (5 Replies)
Discussion started by: fdeivis
5 Replies
8. Solaris
This is my first time working with ZFS on Solaris 10. I am trying to set up /var in a separate partition from /.
During the installation, I came across the ZFS settings where I selected disks 0 and 1 to be mirrored with ZFS. Next was the option to have /var and / on separate datasets.
Is... (3 Replies)
Discussion started by: 6L71
3 Replies
9. UNIX for Dummies Questions & Answers
In my company ,there is a mail server that services approximately 3,000 users. 2,000 users access their email via a POP-3 service, while the remaining 1,000 users access their email via a Unix mail reader. Recently users have complained about speed of disk access, so a new 10 gigabyte
disk has... (1 Reply)
Discussion started by: lemon_06
1 Replies
10. UNIX for Dummies Questions & Answers
Hi,
I have Solaris-10 (having multiple non global zones running on it). Its /var is getting full to 100% and I can see, there are files getting added to /var/audit. There are large in number, so even if I clearing them, it is filling /var. In past 24 hours, there are 53000 files are added. I am... (1 Reply)
Discussion started by: solaris_1977
1 Replies
AULAST:(8) System Administration Utilities AULAST:(8)
NAME
aulast - a program similar to last
SYNOPSIS
aulast [ options ] [ user ] [ tty ]
DESCRIPTION
aulast is a program that prints out a listing of the last logged in users similarly to the program last and lastb. Aulast searches back
through the audit logs or the given audit log file and displays a list of all users logged in (and out) based on the range of time in the
audit logs. Names of users and tty's can be given, in which case aulast will show only those entries matching the arguments. Names of ttys
can be abbreviated, thus aulast 0 is the same as last tty0.
The pseudo user reboot logs in each time the system is rebooted. Thus last reboot will show a log of all reboots since the log file was
created.
The main difference that a user will notice is that aulast print events from oldest to newest, while last prints records from newest to
oldest. Also, the audit system is not notified each time a tty or pty is allocated, so you may not see quite as many records indicating
users and their tty's.
OPTIONS
--bad Report on the bad logins.
--extract
Write raw audit records used to create the displayed report into a file aulast.log in the current working directory.
-f file
Use the file instead of the audit logs for input.
--proof
Print out the audit event serial numbers used to determine the preceeding line of the report. A Serial number of 0 is a place holder
and not an actual event serial number. The serial numbers can be used to examine the actual audit records in more detail. Also an
ausearch query is printed that will let you find the audit records associated with that session.
--stdin
Take audit records from stdin.
EXAMPLES
To see this month's logins
ausearch --start this-month --raw | aulast --stdin
SEE ALSO
last(1), lastb(1), ausearch(8), aureport(8).
AUTHOR
Steve Grubb
Red Hat Nov 2008 AULAST:(8)