07-31-2009 11:02 AM - edited 03-10-2019 04:43 AM
Our application-log on our 4255 running 7.0(1)E3 is showing 96% full. I don't see any GUI or CLI commands that pertain to the application-log. What is it and how to you clear it?
Craig
07-31-2009 12:07 PM
The application log is the name given in "show ver" for the /usr/ids/idsRoot/var/iplogs partition which for the IPS-4255 is stored in RAM.
On an IPS 4255 the system will automatically create a RAM disk for the partition on bootup, and then the sensor processes will automatically create 512 IPLOG files in the directory.
These 512 files are originally written with empty data, but take up a full 1000000 bytes each.
So these 512 files will automatically fill up the parition 96% full on an IPS-4255.
There are no CLI commands to change this, and none are needed to clean it up. It will always be 96% full.
As new IP Logs are created (in response to the packet log event actions) it will start writing packet data into these 512 IP Log files. When all 512 are full of packet data the sensor will automatically start overwriting the oldest file. So there will always be 512 files and always take up 96% of the partition.
On other sensor models the % used will differ because either the partition size is smaller or larger, and there are smaller or larger number of IP Log files that the sensor creates and uses.
There is no supported method for clearing the IP Logs.
The box can be rebooted in which case all stored information in the IP Logs are lost (remember they were in a RAM disk), and 512 new emtpy files will be created.
06-04-2010 01:23 AM
Hi Marcabal,
I am also facing the same issue in my IPS 4260. please confirm if you have any reference in cisco documents.
Regds,
Saurabh
06-04-2010 04:18 AM
Saurabh;
The application-log is automatically maintained by the sensor operating system. There is no direct method to clear this partition, and the operating system will overwite it as necessary.
Scott
06-08-2010 07:31 PM
Thanks...
regards,
Saurabh
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide