Picture this.  It is 3AM on a Sunday, and you are enjoying the comfort of your bed when you receive a text message telling you something is wrong with your server.  As you struggle to crawl to your laptop, SSH into the server, and start poking around, you notice one of your system log files is enormous, like in the gigabytes.

First of all, try not to panic.  When a log file grows that large rapidly, it could mean that something is wrong with whatever application is associated with it, but it may not be anything serious.  Usually, it is pretty easy to tell what the problem is just by looking at the latest activity in the file.  From the command line, type:

tail /var/log/logfile-name

If you do not see it right away, you can look through the entire file for clues:

less /var/log/logfile-name

More than likely the same problem is repeating itself, so look for repeat messages.  In some cases, it will be an error message, but it could also be a warning or notice that you need to disable.  It could also be an intrusion attack, especially if you are looking at security logs.

Once you find out the problem and fix it, you should manually rotate the large log file to start with a fresh empty one.

logrotate -v -f /etc/logrotate.d/logname

The old file will be archived, and an empty file will be ready to go.  You will then be ready to go back to sleep.

By: Tavis J. Hampton