Kernel: (dhcpd) /var: filesystem full
I am running pfSense 2.0 on a Hakamu 1Ghz embedded platform and have over 170 vlans. After adding this last round of 40 vlans I have run into a problem with the /var file system filling up, and consequently, causing strange connectivity issues etc. There is a DHCP range running on each vlan interface and I think this is causing /var/dhcpd/dev to fill up. The specific message I'm getting in the system log is:
kernel: pid 6437 (dhcpd), uid 1002 inumber 5973 on /var: filesystem full
Here is what df -H returns….
Filesystem Size Used Avail Capacity Mounted on
/dev/ufs/pfsense1 464M 150M 277M 35% /
devfs 1.0k 1.0k 0B 100% /dev
/dev/md0 40M 432k 37M 1% /tmp
/dev/md1 61M 61M -4.8M 109% /var
/dev/ufs/cf 52M 4.1M 43M 9% /cf
devfs 1.0k 1.0k 0B 100% /var/dhcpd/dev
Any advice would be appreciated. I am running no other additional packages on the system. The only thing I can guess at this point is pfSense can't support 170+ dhcp ranges. Any thoughts?
My system runs two VLANs and I see
Filesystem 1K-blocks Used Avail Capacity Mounted on
/dev/ad0s1a 690006 425574 209232 67% /
devfs 1 1 0 100% /dev
/dev/md0 3694 50 3350 1% /var/run
devfs 1 1 0 100% /var/dhcpd/dev
so I doubt the number of VLANs is causing your /var/dhcp/dev to fill up.
Certainly your /var is full. Perhaps the output of du /var from your system might give some clues. Here is the output from my system:
dev always shows 100% that wouldn't be a problem, but your /var is quite full as shown in your output.
If you have that many VLANs and DHCP is active on all of them, it's possible that the DHCP leases database is using all that space.
If you want to increase the size of /var, which should be fairly safe if you have enough memory in that box, edit /etc/rc.embedded and put a larger value on this line:
Then reboot the box.
You might try moving that up to at least 128m
Thanks for the responses, guys. I hope someone else will also find this thread useful. Out of desperation last night I started poking around in /var and tracked down the offending directory to the RRD directory. My only guess is that RRD was graphing all 170+ interfaces I have set up for the various Vlans. I cleared the RRD log and disabled the service, reboot, and /var usage is back down to 10%.
I could see RRD data files getting that large for that kind of deployment. If you want to graph that kind of data, you can enable the SNMP service and then use an external poller such as Cacti or Zabbix to graph.