Disk usuage - 106%
-
I'm running on sg-5100. I was trying to setup separate subnet for my voip. Not sure if it is related or not but I notice "unbound" was disabled. When I tried enable it, I'm getting errors. I tried google the error and it mention about the disk usuage. So I look at my dashboard, I notice it already exceed 6.7GB. Usually, I'm only using about 20% with pfBlockerNG and Suricate enable.
I using the Diagnostics > Command Prompt, run "du -sh /*" and notice that 5GB usage in /tmp. As I dig futher, it show bootmessage was using 5GB. I removed it but the disk usuage still showing 106%. It seems rebooting remove all the files in /tmp. Any idea what bootmessage use for? I did backup restore not sure it is related or not
-
It's almost always package logging that fills the drive. Check /var.
Do you mean /tmp/bootup_messages?
Any idea what was in it? That's usually empty or close to it if it exists at all.Steve
-
@stephenw10 , yes /tmp/bootup_messages. It contains the following error message
/usr/local/etc/rc.d/vnstatd.sh: /usr/local/sbin/vnstatd: not found
daemon: /usr/local/bin/telegraf: No such file or directory
daemon: /usr/local/bin/telegraf: No such file or directory
daemon: /usr/local/bin/telegraf: No such file or directory
daemon: /usr/local/bin/telegraf: No such file or directory
daemon: /usr/local/bin/telegraf: No such file or directory
daemon: /usr/local/bin/telegraf: No such file or directory
.....I did install telegraf before I restore my backup but after I restore my backup. I don't see the telegraf anymore. How do I fixed this by re-installing it and then uninstall it? Also, do you know what this notice meant "There were error(s) loading the rules: /tmp/rules.debug:29: cannot define table pfB_Africa_v4: Cannot allocate memory - The line in question reads [29]: table <pfB_Africa_v4> persist file "/var/db/aliastables/pfB_Africa_v4.txt" @ 2021-02-09 00:55:15"
-
Hmm, well I've never seen that. Re-installing and uninstalling those packages correctly should remove the references to unexistent binaries.
You might need to bump up the maximum table size in Sys > Adv > Firewall & NAT. That pfBlocker error looks like you're hitting it. That is often a size you have too many lists loaded though.
Steve
-
@stephenw10 , i re-installed the telegarf and so far bootup_messages didn't grow. also, I re-do geoip blocking on pfblockerNg by doing invert matching instead selecting all the countries that I want to block. does pfsense clean up the files in /tmp folder time to time? or it only happend when it is reboot?
-
If anyone stumbles upon this, I had a very similar issue when I enabled Suricata but didn't have the logs set to a specific maximum size.
This helped me fix it.
-
Set the total directory size limit for the logs but don't do the other things shown there.
You do not need to use RAM disks when running any recent SSD. The write life of the drive with any sort of standard install will be >10y.
Snort and Suricata are not expected to run using ramdisks of a reasonable size.Steve
-
NeVaR, it could be you didn't clean format (old disk partitions) your HDD. Try to format with diskpart and then reinstall pfSense.