Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
552
Views
0
Helpful
3
Replies

ips-4255 space issue

dondongamo
Level 1
Level 1

‎12-28-2005 11:49 PM - edited ‎03-10-2019 01:49 AM

All

none 525312 500500 24812 96% /usr/cids/idsRoot/var/eventStore

none 525312 40 525272 97% /usr/cids/idsRoot/var/iplogs

Given above is the size of iplogs & IdsEventStore I deleted the logs that starts with 00* and it shows 1% space utilization what about the IdsEventStore can I safely delete this file ? is this a system generated file ?

Pls advise. TIA

Labels:
0 Helpful
3 Replies 3

Jeffrey Bollinger
Cisco Employee
Cisco Employee

‎12-31-2005 10:07 AM

Do NOT delete that file. The eventstore is where all the events are kept in a circular buffer. Deleting that file may mean you'll have to reimage your sensor.

You may get better results from deleting files below which are safe to remove:

# rm -rf /usr/cids/idsRoot/var/updates/files/S69

# rm -rf /usr/cids/idsRoot/var/updates/files/common

# rm /usr/cids/idsRoot/var/virtualSensor/*

# rm /usr/cids/idsRoot/var/.tmp/*

- If not enough space is freed up...

- Also, needed to remove files from:

/usr/cids/idsRoot/var/updates/sigupdate/*

/usr/cids/idsRoot/var/updates/backups/*

/usr/cids/idsRoot/var/updates/*.rpm.pkg

/usr/cids/idsRoot/var/core/mainApp

/usr/cids/idsRoot/var/core/logApp

/usr/cids/idsRoot/var/core/nac

/usr/cids/idsRoot/var/core/authentication

/usr/cids/idsRoot/var/core/ctlTransSource

/usr/cids/idsRoot/var/core/sensorApp

/usr/cids/idsRoot/var/core/-cidcli

/usr/cids/idsRoot/var/core/terminal

/usr/cids/idsRoot/var/core/sendCtlTrans

0 Helpful

dondongamo
Level 1
Level 1
In response to Jeffrey Bollinger

‎12-31-2005 11:49 PM

I did exactly what you have mentioned but this folder doesn't exist /usr/cids/idsRoot/var/core

and got this result

show ver

Application Partition:

Cisco Systems Intrusion Detection Sensor, Version 4.1(5)S189

OS Version 2.4.22-4240-55smp-bigphys

Platform: IDS-4255

Sensor up-time is 30 min.

Using 1237676032 out of 3974713344 bytes of available memory (31% usage)

Using 489M out of 513M bytes of available disk space (96% usage)

Using 495M out of 513M bytes of available disk space (97% usage)

MainApp 2005_Sep_01_21.30 (Release) 2005-09-01T21:30:35-0500 Running

AnalysisEngine 2005_Sep_01_21.30 (Release) 2005-09-01T21:30:35-0500 Running

Authentication 2005_Sep_01_21.30 (Release) 2005-09-01T21:30:35-0500 Running

Logger 2005_Sep_01_21.30 (Release) 2005-09-01T21:30:35-0500 Running

NetworkAccess 2005_Sep_01_21.30 (Release) 2005-09-01T21:30:35-0500 Running

TransactionSource 2005_Sep_01_21.30 (Release) 2005-09-01T21:30:35-0500 Running

WebServer 2005_Sep_01_21.30 (Release) 2005-09-01T21:30:35-0500 Running

CLI 2005_Aug_02_10.53 (Release) 2005-08-02T10:25:35-0500

Upgrade History:

IDS-K9-sp-4.1-5-S189.rpm.pkg 21:25:00 UTC Tue Sep 20 2005

Recovery Partition Version 4.1(4)S91

I'm still getting this 96% & 97 % usage...any idea ?

0 Helpful

dondongamo
Level 1
Level 1
In response to dondongamo

‎01-01-2006 11:58 PM

Need info about image recovery procedure...

TIA

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card