Fixing Large Log Files

When running a dedicated server, it is important to monitor log files. They will give a wide range of important information about the current state of your server. Aside from the content in the log file, you can also learn something from the size of the file. If your web server log, for example, is usually about 1MB in size and then suddenly balloons to 24MB over the course of 48 hours, you should probably investigate.

If data is coming in that fast, you can probably scope out the problem in real time. Try using “tail” to see if any suspicious activity appears.

tail -f /var/log/httpd/error.log

When you are finished viewing the log activity, press CTRL-C to exit. You can repeat the same command for any log, such as “messages” or “maillog”.

Chances are, if your log file is expanding by the gigabyte, which does happen, you should see the error and be able to troubleshoot it. There is a chance that your server might be under attack, so look for suspicious users, IP addresses, and other pertinent information. On a mail server, for example, multiple repeated requests from the same user could mean your server is being spammed. Also, if you see multiple failed login attempts from random user/password combinations, someone could be trying to hack into the server.
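The size check and the hunt for noisy IP addresses described above can be scripted. The following is an added example, not part of the original article: it assumes Apache's `[client IP]` error-log field, and the function names, the byte limit and the sample log lines are all constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): size check plus per-client tally.

# Constructed sample in Apache error-log format (documentation IP ranges, not real traffic).
sample_error_log() {
cat <<'EOF'
[Mon Mar 04 10:15:01 2024] [error] [client 203.0.113.7] File does not exist: /var/www/html/wp-login.php
[Mon Mar 04 10:15:01 2024] [error] [client 203.0.113.7] File does not exist: /var/www/html/xmlrpc.php
[Mon Mar 04 10:15:02 2024] [error] [client 198.51.100.23] File does not exist: /var/www/html/favicon.ico
[Mon Mar 04 10:15:02 2024] [error] [client 203.0.113.7] File does not exist: /var/www/html/admin.php
[Mon Mar 04 10:15:03 2024] [notice] caught SIGTERM, shutting down
[Mon Mar 04 10:15:04 2024] [error] [client 203.0.113.7:51234] File does not exist: /var/www/html/login.php
[Mon Mar 04 10:15:05 2024] [error] [client 198.51.100.23] File does not exist: /var/www/html/robots.txt
[Mon Mar 04 10:15:06 2024] [error] [client 192.0.2.99] File does not exist: /var/www/html/index.bak
EOF
}

# log_over_limit FILE LIMIT_BYTES: exit 0 when FILE is larger than LIMIT_BYTES.
log_over_limit() {
    [ -r "$1" ] || return 2
    size=$(wc -c < "$1")
    [ "$((size))" -gt "$2" ]
}

# top_clients [N]: read the log on stdin, print "count ip" for the N noisiest clients.
# The pattern stops at the first non-IPv4 character, so a ":port" suffix is dropped.
top_clients() {
    awk '
        match($0, /\[client [0-9.]+/) {
            hits[substr($0, RSTART + 8, RLENGTH - 8)]++
        }
        END { for (ip in hits) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2 | head -n "${1:-10}"
}

# triage FILE LIMIT_BYTES: if the log has outgrown the limit, list who is filling it.
triage() {
    if log_over_limit "$1" "$2"; then
        echo "$1 exceeds $2 bytes; top clients:"
        top_clients 5 < "$1"
    fi
}

# Demo on the constructed sample (limit set low so the check trips).
demo=$(mktemp) && sample_error_log > "$demo" && triage "$demo" 512
rm -f "$demo"
```

On a real server, call `triage /var/log/httpd/error.log` with a limit a few times the log's normal size, for example from cron.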

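Once you have found and eliminated the problem, you may want to get rid of the enormous log file. If the entries may be needed later as evidence of an attack, copy the file elsewhere first. You can then safely clear the log in place, from a root shell, with the following command: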

> /var/log/httpd/error.log

The file will be emptied, and because it was truncated rather than deleted, logging should continue as normal. Be sure to continue monitoring for a while, just to make sure the problem has actually been resolved.