# Linux server question (logwatch)



## Guest (Apr 29, 2007)

Is it safe to delete the contents of the directories in /var/cache/logwatch? 

They're using up 80% of the /var drive space. They are just logs, right? I don't want to do anything stupid by just deleting files at random. :help:


----------



## Gary in ohio (May 11, 2002)

If you don't want it, then turn off the logwatch function first, then you can zero out the file. Should be running out of cron.


----------



## Guest (Apr 29, 2007)

Here are the crons that are running, none of them look like they're for logwatch :shrug:

```
32 23 * * * /scripts/upcp
0 1 * * * /scripts/cpbackup
*/15 * * * * /usr/local/cpanel/whostmgr/bin/dnsqueue > /dev/null 2>&1
23 22 * * * /usr/local/cpanel/whostmgr/docroot/cgi/cpaddons_report.pl --notify
12 17 * * * cd /usr/local/cpanel/whostmgr/docroot/cgi/fantastico/scripts/ ; /us$
0 6 * * * /scripts/exim_tidydb > /dev/null 2>&1
*/5 * * * * /usr/local/cpanel/bin/dcpumon >/dev/null 2>&1
```


----------



## Guest (May 2, 2007)

Can someone tell me how to turn off the logwatch function, please? And then how to zero it out?


----------



## klear (May 10, 2003)

As root do the following ('#' below represents the shell prompt for root):

```
# cd /etc/cron.daily
# ls -l 00-logwatch
```

This should display something like:

```
lrwxr-xr-x ... 00-logwatch -> /usr/bin/logwatch.pl
```

where ... will be the file owner, group, date, size, etc.

If you see the above, it means that 00-logwatch is a symbolic link to /usr/bin/logwatch.pl, the actual script that is doing the logwatching. You need to only remove the symbolic link to disable the service, like so:

```
# rm 00-logwatch
```

Later if you want to restore logwatch, you can restore it as:

```
# cd /etc/cron.daily
# ln -s /usr/bin/logwatch.pl 00-logwatch
```


----------



## Guest (May 2, 2007)

klear said:


> As root do the following ('#' below represents the shell prompt for root):
> 
> ```
> # cd /etc/cron.daily
> # ls -l 00-logwatch
> ```
> ...


This is as far as I got:

```
[email protected] [~]# cd /etc/cron.daily
[email protected] [/etc/cron.daily]# ls -l 00-logwatch
/bin/ls: 00-logwatch: No such file or directory
[email protected] [/etc/cron.daily]#
```


----------



## Guest (May 2, 2007)

I need to figure this out. I keep getting system emails warning me about drive space on /var

At one point last night it was at 96%

:Bawling:


----------



## Kung (Jan 19, 2004)

Would that be why there were problems accessing the site last night?


----------



## Guest (May 2, 2007)

Kung said:


> Would that be why there were problems accessing the site last night?


 Yes.


----------



## Kung (Jan 19, 2004)

I'm in there right now, and I don't see any 00-logwatch, but I DO see a [email protected] directory, and running the ls -l 0logwatch DOES in fact return a directory. Dunno if that helps.


----------
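Added example, not part of any post above: a read-only scan for how logwatch is scheduled, covering the case seen in this thread where `crontab -l` shows nothing (it lists only one user's table, not the `/etc/cron.*` directories) and the `cron.daily` entry is not named `00-logwatch`. The function name and the optional root-prefix argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: list cron entries that refer to logwatch.
# The optional argument is a root prefix (assumption, for inspecting a test
# tree or mounted image); with no argument the live /etc is scanned read-only.

find_logwatch_jobs() (
    root=${1:-}
    root=${root%/}
    for dir in cron.hourly cron.daily cron.weekly cron.monthly cron.d; do
        [ -d "$root/etc/$dir" ] || continue
        for entry in "$root/etc/$dir"/*; do
            # -e is false for a dangling symlink, so accept -L as well
            [ -e "$entry" ] || [ -L "$entry" ] || continue
            target=
            [ -L "$entry" ] && target=$(readlink "$entry")
            # Match on the entry name or the symlink target first
            case "${entry##*/} $target" in
                *[Ll]ogwatch*)
                    printf '%s%s\n' "$entry" "${target:+ -> $target}"
                    continue ;;
            esac
            # Otherwise match on the content of a script or cron.d fragment
            if [ -f "$entry" ] && grep -qi logwatch "$entry" 2>/dev/null; then
                printf '%s (mentions logwatch)\n' "$entry"
            fi
        done
    done
    # The system-wide table, which is separate from any user's `crontab -l`
    if grep -qi logwatch "$root/etc/crontab" 2>/dev/null; then
        printf '%s (mentions logwatch)\n' "$root/etc/crontab"
    fi
)

find_logwatch_jobs "${1:-}"
```
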



## Guest (May 2, 2007)

When I went looking to see what was taking up all the space, that's when I found the logwatch files.

Here is what I see in SFTP:










When I open those directories, and check the properties of the various files, some of them are HUGE. Here is an example:










Many files are over 100MB, some are over 300MB.

Most look like older files, and seem unnecessary, but I didn't want to just start deleting at random, I'm afraid I'll do something stupid.

I would also rather delete via SSH rather than SFTP. That always seems better to me, to use UNIX commands in shell.


----------



## Guest (May 2, 2007)

Kung said:


> I'm in there right now, and I don't see any 00-logwatch, but I DO see a [email protected] directory, and running the ls -l 0logwatch DOES in fact return a directory. Dunno if that helps.


 Do you happen to know what's safe to delete?


----------



## Kung (Jan 19, 2004)

Not off the top of my head....looking into it...


----------



## Kung (Jan 19, 2004)

From what I am seeing the /var/cache directory only contains data written to it from applications - therefore the /var/cache/logwatch contains data that logwatch writes to.

From what I'm seeing you *SHOULD* be able to safely delete the stuff in there (although I'd like the opinion of a more experienced Unix admin first). What you might try doing is backing up the contents of those files (if it's feasible) and then deleting the files; if it causes problems, put them back.


----------



## Guest (May 2, 2007)

Kung said:


> (although I'd like the opinion of a more experienced Unix admin first).


 Me too. 

I'm always scared I'll break the server. :help:


----------



## Kung (Jan 19, 2004)

I spoke to one of my buddies, who works for Microsoft and used to do Unix admin.

He basically said the exact same thing - either manually move (or use a cron job to move) all files older than, say, a week elsewhere.

If something 'breaks' just move 'em back; if not, leave 'em and see what happens; and then if all continues to go well, do an automated cron job.


----------
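Added example, not part of any post above: the reversible approach described in the last few posts (set aside files older than about a week, watch for breakage, move them back if needed), written as shell functions. The function names, the holding directory and the subcommand names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. TO must be an absolute path outside
# FROM; the directory names in the usage line are assumptions.

# report_old DIR DAYS: KiB and path of old regular files, largest first.
# find drops fractional days, so "+7" matches files at least 8 days old.
report_old() (
    find "$1" -xdev -type f -mtime +"$2" -exec du -k {} + | sort -rn
)

# move_tree FROM TO [find tests...]: move matching regular files from FROM
# to TO, recreating each file's relative directory so the move can be undone.
move_tree() (
    from=$1 to=$2
    shift 2
    cd "$from" || exit 1
    # "$to" is passed as $0 of the inner shell; the found paths arrive as "$@"
    find . -xdev -type f "$@" -exec sh -c '
        for f; do
            mkdir -p "$0/${f%/*}" && mv -- "$f" "$0/$f" && printf "%s\n" "$f"
        done' "$to" {} +
)

# quarantine_old SRC HOLD DAYS: set aside files older than DAYS days
quarantine_old() { move_tree "$1" "$2" -mtime +"$3"; }

# restore_all HOLD SRC: put everything back if something broke
restore_all() { move_tree "$1" "$2"; }

# Usage: sh thisfile report|quarantine|restore ARGS...
case "${1:-}" in
    report)     report_old "$2" "$3" ;;
    quarantine) quarantine_old "$2" "$3" "$4" ;;
    restore)    restore_all "$2" "$3" ;;
esac
```

A holding directory on the same filesystem as `/var` frees no space; it only shows whether anything depends on the files. Space is recovered once the files are moved to another filesystem or deleted.
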



## Gary in ohio (May 11, 2002)

Also keep in mind logwatch is not a Linux thing. Logwatch is specific to your distro. Not all versions of Linux releases have logwatch.


----------



## Guest (May 3, 2007)

Well, everyone I ask thinks it's ok to delete them. Rather than move them (not many places to move them to, anyhow), I'll rename the directories to disable them, watch and make sure nothing breaks, and if everything looks fine, I'll delete them. That should work, right? I have renamed files in the past to disable them.


----------



## Kung (Jan 19, 2004)

Should work just fine; if it doesn't work (if something breaks), just name it back.


----------

