Maintaining your logs is essential to keep your hard drive partitions healthy and to avoid potential problems that occur when partitions become 0 full. There is nothing worse then your /var partition filling up completely because you didn’t keep an eye on your logs. When a partition fills up, all kinds of weird things can happen which is why we strongly recommend you keep an eye on them as part of your daily routine.
We will go over the different logs, what they are used for, and how you can maintain them.
2. Maintaining Your Logs
There are several logs that you should monitor on a daily basis and they are as follows:
- /usr/local/apache/logs/error_log & /usr/local/apache/logs/access_log
- /var/spool/exim/input/ & /var/spool/exim/msglog/
These are the most common logs likely to cause dedicated server owners a headache. We will go over each one and how to keep them in order.
2.1 Error_log & Access_log
This is the most common log to fill up your /usr partition. If some morning you log into WHM and notice a flashing red light for the /usr partition and it’s reading at over �, the first thing you should do is log into your server via SSH and go to that directory:
This will list the contents of the directory along with the size of each file. You will most likely notice your error_log is quite large. If so, delete this log, restart apache and then check your disk usage again using the command:
This command will show you all your partitions and the disk spaced used/available for each. You should notice the /usr partition has more disk space available now.
Domlogs is a directory located at /usr/local/apache/domlogs which contains 2 logs for each domain located on your server. The logs are named using the following format:
The first log contains all your hits, which is used to calculate the daily Webalizer and Analog stats in cpanel. The second log contains ever byte transferred from the account domain.com, and is used to calculate the HTTP bandwidth on a monthly basis.
While we do not recommend you delete these logs too often since your stats and bandwidth stats may get slightly skewed, sometimes it is necessary to remove them in order to free up space on your /usr partition. To delete these logs use the command:
rm –f /usr/local/apache/domlogs/*
Then restart apache using:
These logs will be recreated from scratch by Apache.
This directory contains important logs such as exim_mainlog, messages, and chkservd.log. While these logs are rotated regularly, archived logs are not deleted. You can safely delete any log that has a .1, .2, .3, or .4 extension, as these are the ‘old’ archived logs. You can remove these archived logs very easily using the command:
rm –f /var/log/*.1
rm –f /var/log/*.2
rm –f /var/log/*.3
rm –f /var/log/*.4
This will delete any file in that directory which is an archived log and free up disk space on your /var partition.
2.4 /var/spool/exim/input/ & /var/spool/exim/msglog/
These files are generated by Exim (the mail server) from bounced emails, or emails waiting to be delivered and are in the message queue. If you notice your /var partition filling up and you have removed your archived logs from section 2.3, then you most likely have a lot of entries in these directories. You should verify the size of this directory to see if it is a problem:
du -h /var/spool/exim/input
du -h /var/spool/exim/msglog
If any of these directories is very large chances are they are the culprit. Remove the contents using:
rm –rf /var/spool/exim/input/*
rm –rf /var/spool/exim/msglog/*
You might not notice an immediate difference in ‘disk space used’ after deleting these logs, but after a few minutes your partition information should be updated which you can view using the command:
3 Rearranging/Moving Your Logs
Sometimes your logs are just too big and fill up too fast for the current partition they are on. A simple solution to this is to move them to a different partition. For example, let’s say your /usr partition is over � and every time you delete your logs, within a few hours it is back at � again. The solution is simple and we will discuss how to do this.
First thing you need to do is to move your logs. We recommend you shut down the service that uses this log along with the chkservd daemon which checks your services. In this example you would want to shutdown chkservd followed by Apache:
Then you would move the two directories to a different partition. Most people use their /home partition, but if you have a backup drive in your server you may want to use it. I prefer to use my backup drive (for logs, since I don't consider my logs to be critical data) as this takes some of the work off the main drive, so I would create a directory on my backup drive:
Then I would move the directories over:
mv /usr/local/apache/domlogs /backup/usr/
mv /usr/local/apache/logs /backup/usr/
That will move the two major log directories from your /usr partition to your /backup partition. The last thing you need to do is create the symbolic links in the ‘old’ locations so that Apache can find where you have moved these logs.
ln –s /backup/usr/domlogs/ domlogs
ln –s /backup/usr/logs/ logs
This will create the links in the ‘old’ location to point to the ‘new’ location. The last thing to do is restart Apache and chkservd:
And that’s it! Your logs are now stored on your backup partition and will never hassle your /usr partition again.
Monitoring your logs is all part of owning a dedicated server and is essential to keeping your server running smoothly. If you are familiar with crontab and how to use it then I’m sure you can see how easy it would be to automate log maintenance.
We recommend that you verify your logs daily to avoid any unusual events such as a partitions filling up. It’s also important to understand your logs and the wealth of information they can offer you. Chances are the answer to your questions when troubleshooting a problem can be found in your logs.
source : http://www.servermanual.com/Articles/175.html