Clearing disk

ILIKENETGATE

Hi,

My SC-3100 was purchased with the 32G upgrade. I am now at 109% or very full. How do you clear this? I think it's affecting the performance as I see the network usage being erratic.

Thanks

Gertjan

Hi,

Console -> Option 8 :
For example - most popular candidate : the /var/log directory :

cd /var/log
ls -al

Check visually for big files.

You're using what packages ? Some of them do a lot of logging - and it's up to you to clean up old stuff.

ILIKENETGATE

@Gertjan Thanks for the reply. I realize I may have created a monster by turning on both Snort and Suricata. OK so the console is the only way to access this no GUI? If so that's OK. So then in here what commands do I use to remove some of these? Sorry not a big Linux guy.

Gertjan

@ILIKENETGATE said in Clearing disk:

both Snort and Suricata

Can't tell - I do not use snort neither Suricata. Check out their pfSense GUI part is log file management exists. If not : yes, you should use the one and only real management interface : the console or SSH access.
Btw : both programs are excluded from the club "install them and forget them", as you said, they are beasts in many ways. The fact that these tools create huge log files is know - check out the forum and you will find identical messages : big log files => => file system full => system goes bad.

Normally, if big log files are needed, you shouldn't use pfSense to store these files, but set up the packages so they log to a remote "syslogger". These have the disk space to handle these kind of logs.

ILIKENETGATE

@Gertjan OK so I went into Suricata and I had turned on all the logging and have have now turned them off. The Disk Usage is still almost full so it must be the stuff for before I turned it off. I'll have to figure out in Linux how to erase this disk file. Since I was new I thought storing all this stuff would be useful...but really.

You remind me of a friend who is a big console guy and teases me not to be afraid to type! I'll have to change my ways and embrace the console. So if you aren't using these two packages what do you use for intrusion protection?

johnpoz

@ILIKENETGATE said in Clearing disk:

So if you aren't using these two packages what do you use for intrusion protection?

Why do you think he would need to be using that... What are you doing that you think you need to be using it?

IPS is not by any means a requirement to have a secure setup. And it what possible scenario could you possible think a good idea to run 2 different ones on the same box?

I do not run ips or ids on home nor the work deployments of pfsense appliance we have running... Since its not justified in any of the locations and how networks are being used.

JohnKaul

@ILIKENETGATE said in Clearing disk:

<snip> I'll have to figure out in Linux how to erase this disk file. Since I was new I thought storing all this stuff would be useful...but really. <snip>

@ILIKENETGATE, standard practice in the *nix environments is to check your logs -i.e. /var/log often, and because of that most *nix admins know their system well. Old "hacker folklore" type stuff. @Gertjan is telling you about SSH; use it. Practice; open a shell ("command line") on your *nix box and type man rm; this should give you help for the REMOVE command in *nix. Also do a man ssh. @Gertjan gave you most of the tools to success after you brush up on the use of those two tools.

JohnKaul

new here:
@johnpoz, your style (response style) reminds me of a Squirrel I used to know.
*just got the chills*

johnpoz

Your new here JohnKaul - but calling a mod a squirrel prob not a great start ;)

Or anyone for that matter..

JohnKaul

:]
Just don't go reaching for any trouts--and we'll be just fine-. ...The 'Squirrel' had serious (scary serious) chops and taught me a lot in my early days (but obviously still puts the fear of __ in me).

johnpoz

Dude are you on something?

You should be careful on what slang you use until you know that the audience uses it to mean the same thing..

JohnKaul

https://en.wikipedia.org/wiki/Wikipedia:Whacking_with_a_wet_trout

johnpoz

Yes I am well aware of the old irc days and slapping someone with a trout..

Do you understand the other meanings that can have? :) And the negative connotation of what a squirrel could mean?

ILIKENETGATE

@johnpoz Looks like you guys are having a lots of fun without me. Rather than brut force removing files in the consol I went into the two programs that are generating these logs and removed the many check marks for the various things being logged. Additionally I changed the number of days that the logs are saved to 1 day for now until more disk space is freed up. This seems to be working. I think I'll keep these two on for now until I know more of what I'm doing to protect myself. Thanks for the assistance.

Gertjan

@ILIKENETGATE said in Clearing disk:

So if you aren't using these two packages what do you use for intrusion protection?

@johnpoz said in Clearing disk:

Why do you think he would need to be using that... What are you doing that you think you need to be using it?

These two - three questions are important.

@ILIKENETGATE : do you really think that snort or Suricata can scan traffic that users, using devices on a local LAN, brought in from the 'dangerous' Internet to their devices ? Nearly all traffic is SSL protected these days.
I do not want - and I do not even want to try, to 'see' what traffic comes over.

Btw : by default : nothing comes in what wasn't request (from LAN).

And yes, I'm old school in this way : I do get angry when people do things that they shouldn't do with their PC's.
Like putting the gear box in their car in R (of Race) when they reached 120 miles per hours,
Or opening that mails that really promised a lot of money,
Or it really came from Trump himself.
Etc.
I've seen them all - and still, now and then it get's better every day. I don't need a program to tell me when I see bullshit. A GUI is just great for this : it has always a garbage button, and, like Windows 10, it's they only icon you have on your screen !!

Also : command line management isn't human, shouldn't be considered normal, and should be band forever. But, fortunately, I was there when the first 6502 (and 6800) came out. Intel followed just after that with a architectural disgusting 8088 (but history tells us the 'won' the market). In that time everybody searched to control those animals, there was no VGA (or CHA, or Hercules) screen then. A VT compatible terminal was what you got.
So, cryptic commands are what we had to control.
The same commands are still used to control Windows server 2012 these days - big mail and web servers, all the DNS stuff, and better : there is NO web interface to control Internet.
If you really could see what an email is today, you wouldn't believe it : a bunch of 'commands' back from the seventies (last century). But Outlook (or Thunderbird) hides all that for you : these programs use these commands for you.

I still do think, today, that people should know what a filesystem is, and how, at least, they can navigate into it, see sizes - you saw your disk full, right ? - so : delete that file (and because were are smarter as other animals : make a backup first ^^)

Btw : FreeBSD (pfSense) is not Linux - isn't iOS (from Apple) but they are all very similar - Our Fat32 or NTFS is just a more modern version of what had before.

Well .. ok... all these words weren't needed, so I'll pound you a real (my !) view of the situation :
When you decided to use packages as Snort and Suricate, you should able able to manage them.Using the GUI where it is possible. Console access isn't an option anymore for 'other' tasks.

ILIKENETGATE

@Gertjan Well I think we're from the same generation. I put myself through college selling Apple ]['s with that 6502 so I realize how far we've come from that. Thank God for the GUI or otherwise we'd be read our news online from a news service called The Source with green letters scrolling across the screen at 300 baud. I was a victim of a hack recently so I'm trying to get my "chops" up better to protect myself so getting the better router and putting up a my best defense has now been planted in my DNA. All your preventative methods you speak of are nice and were practiced by me but to no avail. I can tell you there are a lot of shitty people out there and I would like to do whatever I can to keep them at bay short of simply throwing out my computer but that isn't too practical these days.

...so I keep on keeping on...

JohnKaul

https://people.clarkson.edu/~jmatthew/publications/SPIE_SnortSuricata_2013.pdf

ILIKENETGATE

@JohnKaul Thanks John. A bit dated but interesting nonetheless.

johnpoz

@ILIKENETGATE said in Clearing disk:

I think I'll keep these two on for now

Your going to continue to run 2 IPS, both at the same time? Really? And you don't see a problem with that?

Dude pick one and use it, if you think is protecting you... Not both! You don't run 2!!

JohnKaul

@ILIKENETGATE said in Clearing disk:

@JohnKaul Thanks John. A bit dated but interesting nonetheless.

No problem but I hope you didn't miss the point. Date has nothing to do with it; that link was to show you the history -i.e. that one is the replacement for the other (you use one or the other, not both). Read the paper, it's a quick 15 minute read (and it's quite interesting).

@johnpoz said in Clearing disk:

<snip>
Dude pick one and use it, if you think is protecting you... Not both! You don't run 2!!

^^ What he said.