Deleting log files through boot concole

pas

After a misconfiguration I managed to fill my entire drive with suricata-logs. Now pfsense won't boot at all and it is only showing error messages that the drive is too full to start normal.

I've located the logs through the console accessable in the boot-menu. The issue is now that the file-system is mounted read-only and I'm not able to delete the logfiles.

Any tips on how to do this? I'm new to freebsd so suggestions on which commands to use and correct syntax is much appreciated!

It is running the latest version of pfsense and its not configured to be accessible over ssh.

bmeeks

You will need to remount the file system as read/write using this command:

/sbin/mount -o rw /

Try this from the single-user mode command prompt and look for the Suricata logs in /var/log/suricata.

pas

Thanks @bmeeks !

Unfortunately I got an error;

mount: /dev/gptid/[id of some kind]: R/W mount of / denied. Filesystem is not clean - run fsck. Forced mount will invalidate journal contents: Operation not permitted.

Any idea?

bmeeks

@pas said in Deleting log files through boot concole:

Thanks @bmeeks !

Unfortunately I got an error;

mount: /dev/gptid/[id of some kind]: R/W mount of / denied. Filesystem is not clean - run fsck. Forced mount will invalidate journal contents: Operation not permitted.

Any idea?

Yeah, you're going to have to try running fsck to see if it can repair the disk volume. This page can help you out. Using the Alternate Method shown about midway that page should work for you on pfSense.

pas

Will test this later today. Your help is highly appreciated!