This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

root partition is filling up... or is it????

 

Hi, we keep receiving email alerts telling us the root partition is filling up and that it's 86%.  Not seeing anywhere close to 86% being used up, even after rebooting.  Any ideas on why we are getting this alert even though the disk seems to be fairly empty?

 

Thanks!



This thread was automatically locked due to age.
Parents
  • Wesley, try the following at the command line:

    df -h

    and

    du -shx /var/storage/* | sort -rh | head -10

    What stands out?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob, thanks for the response!  So I've had similar issues in the past with up2date filling things up, but I'm unclear as to why the dashboard (as shown in the screenshot in my OP) doesn't show high utilization.  Is the root partition just not reflected there?

    Anyway, I currently have two identical sg230 HA pairs in different locations.  They are both on 9.358-3 and both show "10 update(s) available for installation" on their dashboards.  However I'm only getting the aforementioned alerts on one of them.  Interestingly, on that one, if I go to the up2date screen, it says that "your firmware is up to date" and that there are no packages available for installation.  I assume this is because it thinks it's too full to unpack the updates.  What I don't understand is why this identically configured one with the same firmware and supposedly the same 10 downloaded updates would be fuller than the other one.

    Using your commands I see that sda6 on the problem one is indeed 86% full (4.2 out of 5.2 gb used) while the other is 73% (3.6 out of 5.2 gb used).

    Maybe there is some kind of corrupt crap sitting in the one - I'll see if I can get it cleaned up and let it re-download.

    I have to say given the number of times I run into stuff like this (and based on how many hits there are about others having similar issues) it sure seems like Sophos could come up with a better way to handle things.

     

    Thanks again!

  • I followed the sophos kb to get in and delete the up2date files, but even after clearing sys and sys-install and .queue there is still 2.8G being eaten up on the problem SG230's sda6 (57% full).  I'm unclear on how to track down what is stored there.  I rebuilt the postgresql DB and deleted the old dumps in the cores folder so my large file output is:

    <M> wfw:/var/storage/cores # du -shx /var/storage/* | sort -rh | head -10
    3.1G /var/storage/swapfile
    400M /var/storage/chroot-http
    166M /var/storage/chroot-clientlessvpn
    90M /var/storage/pgsql92
    74M /var/storage/chroot-smtp
    45M /var/storage/chroot-reverseproxy
    17M /var/storage/chroot-pop3
    4.0M /var/storage/chroot-ftp
    36K /var/storage/pgsql
    16K /var/storage/lost+found

  • I see the patterns folder on the problem one is roughly twice the size of the OK one.

    GUi reports that problem ons is pattern version 127563 and OK one is version 127562 (and saying "your patterns are up to date").  Not sure how that can be.

    Kind of at a loss as to how to figure out what is being stored on sda6 and how to clear it ,but I suppose the patterns differential (650+ megs) is maybe enough to push the problem one into the danger zone, hence the warnings on one and not the other.

Reply
  • I see the patterns folder on the problem one is roughly twice the size of the OK one.

    GUi reports that problem ons is pattern version 127563 and OK one is version 127562 (and saying "your patterns are up to date").  Not sure how that can be.

    Kind of at a loss as to how to figure out what is being stored on sda6 and how to clear it ,but I suppose the patterns differential (650+ megs) is maybe enough to push the problem one into the danger zone, hence the warnings on one and not the other.

Children
  • Sometimes, waiting so long to apply Up2Dates does cause problems, Wesley.  Check the /root directory to see if there aren't up2date files in there - those should be deleted.

    A UTM only downloads the patterns used by its configuration, so it's normal that there would be different ones and yet both be up to date.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA