3CX DLL-Sideloading attack: What you need to know
Recurring emails about /dev/sda6 utilization. Note 4.1G in /var/storage/chroot-http/var/run/nav1
There are no updates to be applied. All but 2 backups have been deleted.
du -shx * in / shows 3.1G in var
du -shx * in /var shows 2.2G in pattern
I have read every article that I could find about this issue and haven't been able to resolve the issue.
I need to get /dev/sda6 below 85% utilization.
I bet you will find lots of old crash dumps with:
You can rm any file that's not needed to investigate a current problem.
Cheers - Bob
Already deleted them. There were just two of them.
Dale, did you try
du -shx /var/*
The next-most-likely culprit is /var/storage/pgsql92/data/pg_xlog.
The plot thickens....
That 289M certainly isn't enough to make a big difference. Must be something else unusual in /var/storage. Try
du -shx /var/storage/* |sort -rh |head -10
1.7G ~ rough math.
Interesting that du -shx /var/storage/* does not reflect the 4.x GB that df-h says is in /var/storage/chroot-http/var/run/navl
(See first screenshot)
df -h shows the usage of the partition that /var/storage/chroot-http/var/run/navl is in, the / partition.
/var/storage/chroot-http/var looks suspiciously large.
I'm out of guesses, Dale - what does Sophos Support say about this?
As far as I know, I am unsupported. This is in my home lab. Not good that you are out of ideas.....
What if you du /var/storage/chroot-http/var, Dale, and look for what's so big there?
Since it's your home lab, you might consider taking some config backups off and re-imaging with the latest ISO.
Per your suggestion.
If I rebuild, would a weekly config backup get me back to 100%? Never done a backup restore.
Can I just LiveCD (gparted) and expand the partition?
You can generate config backups at will. I would get a new one off the UTM as well as a couple other recent ones just to be safe. Put the one, most-recent backup on a USB memory stick, insert it and power the UTM up.
The only things you lose with a re-image and restore is the logs and reporting. If those are important to you, you can copy them off and back on with WinSCP.