Fix log file taking up all Linux drive space
Although Linux systems are notoriously compact, you may find that your disk space is suddenly running low. Why does this happen? The clue and possibly the biggest culprit will be found in your Linux system logs.
Why do logs take up so much disk space?
Logs are an important part of managing your Linux system. You can see what's going on with your machine, and you can also fix problems that arise. Linux logging daemons are similar to Event Viewer on Windows. Logs usually don't take up much space. This is because most distributions automatically manage the amount of space they take up on your drive.
Linux logs used to be plain text files, but with many major distributions switching to systemd, they are binary files managed by journald, a systemd service. Additionally, your distribution will use rsyslog or syslog-ng.
Because old logs are no longer relevant and large archives can take up space, your system will often "cycle" them - archive, compress and finally delete them - to save disk space for the content you really want.
While you might not think logs take up much space, a malfunctioning process can fill up your logs faster than the system can cycle them.
If you check your disk space and find that you're suddenly running out of space even though you haven't downloaded any large files recently, it could be due to a problem with your Linux system logs. You'll have to figure out what's filling up your system logs and fix it.
You can check the amount of disk space you are using with the du -h command:
du -h /var/log
You'll see a list of each subfolder, along with the total space it takes up.
Find your logs
If you use a modern Linux distribution with systemd, you will use the journalctl program to view your logs; journald typically stores logs in the /var/log/journal or /run/log/journal directory, depending on the distribution.
To view the log, type journalctl at the shell prompt. There are other useful command line options. To see boot messages, use the -b option:
journalctl -b
You can view system log messages in real time using the -f option.
If your distribution does not use systemd, you will find the logs in the /var/log directory. Even with systemd, some programs still store their logs in this directory. These are regular text files that you can examine with a utility like less.
For example, to read the system log:
less /var/log/syslog
You will see that the log file can contain thousands of lines.
You can also monitor it in real time using the -f option of the tail command:
tail -f /var/log/syslog
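To find the malfunctioning process mentioned above, it helps to rank the programs writing to a text log by how much they write. The script below is an added example, not part of the original article; it assumes the traditional syslog line layout ("Mon DD HH:MM:SS host program[pid]: message"), and the function names and sample log lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: rank the programs writing to a traditional-format syslog file
# by bytes and lines, to spot the process that is filling the log.

# make_sample_log: write a small CONSTRUCTED log to a temp file, print its path.
make_sample_log() {
    local f
    f=$(mktemp)
    cat > "$f" <<'EOF'
Mar  3 10:00:01 host1 systemd[1]: Started Daily apt download activities.
Mar  3 10:00:02 host1 flaky-sync[2211]: retry: connection refused
Mar  3 10:00:02 host1 flaky-sync[2211]: retry: connection refused
Mar  3 10:00:02 host1 flaky-sync[2211]: retry: connection refused
Mar  3 10:00:03 host1 kernel: usb 1-1: new high-speed USB device
Mar  3 10:00:03 host1 flaky-sync[2211]: retry: connection refused
Mar  3 10:00:05 host1 CRON[2300]: (root) CMD (run-parts /etc/cron.hourly)
EOF
    printf '%s\n' "$f"
}

# noisiest_programs FILE [N]: print "lines bytes program" for the top N
# writers, largest byte count first.
noisiest_programs() {
    local file=$1 top=${2:-5}
    LC_ALL=C awk '
        NF >= 5 {
            tag = $5                       # "program[pid]:" or "program:"
            sub(/:$/, "", tag)             # drop the trailing colon
            sub(/\[[0-9]+\]$/, "", tag)    # drop the [pid] suffix
            lines[tag]++
            bytes[tag] += length($0) + 1   # +1 for the newline
        }
        END {
            for (t in lines) printf "%d %d %s\n", lines[t], bytes[t], t
        }
    ' "$file" | LC_ALL=C sort -k2,2nr -k1,1nr | head -n "$top"
}

# Demo on the constructed sample; on a real system pass /var/log/syslog.
sample=$(make_sample_log)
noisiest_programs "$sample" 3
rm -f "$sample"
```

On a systemd machine, journalctl --disk-usage reports how much space the binary journal itself occupies.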
How Linux rotates log files
In the /var/log directory, you can see files with names ending in 'log.N.gz', where N is a number. This is a result of the system rolling over older records. Most distributions have a utility that will do this automatically, called 'logrotate'. logrotate is usually set up to run as a cron job or systemd timer.
By default, most distributions will run logrotate daily. logrotate compresses older logs using gzip, as evidenced by the '.gz' file extension. It uses a threshold, like age or file size, to do this and another threshold to delete old log files.
The default options for logrotate are sufficient for most desktop users. You can adjust logrotate behavior by editing the /etc/logrotate.conf file as a superuser, as well as editing the cron file or systemd timer file on your system, but these operations are really only relevant to the server administrator.
It's better to fix what's filling up your logs instead of editing configuration files to save disk space. If you absolutely need to change the configuration, you can read the logrotate manual page.
Which logs are safe to delete?
If all else fails and you want to free up disk space, you can manually delete archived log files ending in '.gz' before logrotate executes. You can use rm, but you will need to run it as superuser because these files belong to the system:
sudo rm /var/log/syslog.*gz
This command deletes all files in /var/log whose names begin with 'syslog.' and end with 'gz'.
Warning: Always be very careful when running commands via sudo, especially destructive commands like rm!
Normally, you shouldn't delete files in system folders without fully understanding what they mean, but archived logs won't cause any problems if they're missing. However, if you encounter problems, you may need to refer to older logs.