Managing File System Space


Contents

About this document
    Related documentation
If root (/) is full
If /var is full
Other file systems or general search techniques

About this document

This document addresses what files may need monitoring on a system to prevent excess space utilization and what to look for if space in a file system is unexpectedly lost. This document applies to all versions of AIX.

Related documentation

The product documentation library is also available:
http://www.rs6000.ibm.com/library/

If root (/) is full

NOTE: Before removing any files, the user should check to see if the file is currently in use by an active user process. Execute the following command:

    fuser <filename>

filename is the file name that is being checked by the active user process. If a file is open at the time of removal, it is only removed from the directory listing. The blocks allocated to that file are not freed until the process holding the file open is killed.


If /var is full

NOTE: The trcfile file in this directory may be large due to a trace being run. The file can be removed by executing the following:

   rm /var/adm/ras/trcfile

You may also have vmcore* files in the /var/adm/ras directory if your dump device is set to hd6 (which is the default). If these files are old and/or you do not wish to persue them, you may remove them.

  • The /var/spool directory contains the queueing subsystem files. Clear the queueing subsystem by executing the following commands:

    1. stopsrc -s qdaemon
    2. rm /var/spool/lpd/qdir/*
    3. rm /var/spool/lpd/stat/*
    4. rm /var/spool/qdaemon/*
    5. startsrc -s qdaemon

  • The /var/adm/acct directory contains accounting records. If accounting is running, this directory may contain several large files. Information on how to manage these files can be found in System Management Guide Chapter 14 (SC23-2457-01).

  • The /var/preserve directory contains terminated vi sessions. Delete these.

    While old vi sessions can be used to recover files that were abnormally terminated, these files can be deleted. However, the user may want to keep some of the newer ones in case users want to recover files. To recover a file, execute the following:

        -r <filename> or  -r
    
    This will list all available files that are recoverable.

  • Modify /var/adm/sulog.

    This file tracks the number of attempted uses of su and whether they are successful or not. This is a flat file and can be viewed and modified with a favorite editor. If it is removed it will be recreated by the next attempted su.

  • Modify /var/tmp/snmpd.log.

    This is used by the snmpd daemon as a log. If the file is removed it will be recreated by the snmpd daemon.

    NOTE: The size of this file can be limited so that it does not grow indefinitely by editing the /etc/snmpd.conf file under the section for size. This is in bytes.

    NOTE: The find command can also be used to discover large files in /var. Execute the following:

       find /var -xdev -size  +2048 -ls| sort -r  +6
    

    NOTE: AIX provides a general system cleanup script called skulker located in the /usr/sbin directory. Before attempting to run the skulker command, look at the skulker entry in the product documentation. Read the script for details to determine what files it will delete and what time frame it will allow files to exist before deletion.

    skulker may be run as a cron job using the following crontab entry:

       0 3 * * * /usr/sbin/skulker
    

    Consider limiting the errlog by the running these entries in cron:

       0 11 * * * /usr/bin/errclear -d S,O 30
       0 12 * * * /usr/bin/errclear -d H 90
    

    Other file systems or general search techniques

    Use the find command with the -size flag to attempt to locate large files or, if the file system just filled up, use the -newer flag to find recently modified files. To produce a file for the -newer flag to find against, use the following touch command:

       touch <mmddhhmm filename>
    

    From left to right, the following correspondences apply:

    Execute the following command:

       find /<filesystem_name> -xdev -newer <touched_file> -ls
    

    Another useful flag for the find command will allow files to be located that have been changed in the last 24 hours.

    For example:

       find /<filesystem_name> -xdev -mtime 0 -ls
    



    [ Doc Ref: 90605222714636     Publish Date: Oct. 19, 2000     4FAX Ref: 1609 ]