ips-4255 space issue

dondongamo · ‎12-28-2005

All

none 525312 500500 24812 96% /usr/cids/idsRoot/var/eventStore

none 525312 40 525272 97% /usr/cids/idsRoot/var/iplogs

Given above is the size of iplogs & IdsEventStore I deleted the logs that starts with 00* and it shows 1% space utilization what about the IdsEventStore can I safely delete this file ? is this a system generated file ?

Pls advise. TIA

Jeffrey Bollinger · ‎12-31-2005

Do NOT delete that file. The eventstore is where all the events are kept in a circular buffer. Deleting that file may mean you'll have to reimage your sensor.

You may get better results from deleting files below which are safe to remove:

# rm -rf /usr/cids/idsRoot/var/updates/files/S69

# rm -rf /usr/cids/idsRoot/var/updates/files/common

# rm /usr/cids/idsRoot/var/virtualSensor/*

# rm /usr/cids/idsRoot/var/.tmp/*

- If not enough space is freed up...

- Also, needed to remove files from:

/usr/cids/idsRoot/var/updates/sigupdate/*

/usr/cids/idsRoot/var/updates/backups/*

/usr/cids/idsRoot/var/updates/*.rpm.pkg

/usr/cids/idsRoot/var/core/mainApp

/usr/cids/idsRoot/var/core/logApp

/usr/cids/idsRoot/var/core/nac

/usr/cids/idsRoot/var/core/authentication

/usr/cids/idsRoot/var/core/ctlTransSource

/usr/cids/idsRoot/var/core/sensorApp

/usr/cids/idsRoot/var/core/-cidcli

/usr/cids/idsRoot/var/core/terminal

/usr/cids/idsRoot/var/core/sendCtlTrans

dondongamo · ‎12-31-2005

I did exactly what you have mentioned but this folder doesn't exist /usr/cids/idsRoot/var/core

and got this result

show ver

Application Partition:

Cisco Systems Intrusion Detection Sensor, Version 4.1(5)S189

OS Version 2.4.22-4240-55smp-bigphys

Platform: IDS-4255

Sensor up-time is 30 min.

Using 1237676032 out of 3974713344 bytes of available memory (31% usage)

Using 489M out of 513M bytes of available disk space (96% usage)

Using 495M out of 513M bytes of available disk space (97% usage)

MainApp 2005_Sep_01_21.30 (Release) 2005-09-01T21:30:35-0500 Running

AnalysisEngine 2005_Sep_01_21.30 (Release) 2005-09-01T21:30:35-0500 Running

Authentication 2005_Sep_01_21.30 (Release) 2005-09-01T21:30:35-0500 Running

Logger 2005_Sep_01_21.30 (Release) 2005-09-01T21:30:35-0500 Running

NetworkAccess 2005_Sep_01_21.30 (Release) 2005-09-01T21:30:35-0500 Running

TransactionSource 2005_Sep_01_21.30 (Release) 2005-09-01T21:30:35-0500 Running

WebServer 2005_Sep_01_21.30 (Release) 2005-09-01T21:30:35-0500 Running

CLI 2005_Aug_02_10.53 (Release) 2005-08-02T10:25:35-0500

Upgrade History:

IDS-K9-sp-4.1-5-S189.rpm.pkg 21:25:00 UTC Tue Sep 20 2005

Recovery Partition Version 4.1(4)S91

I'm still getting this 96% & 97 % usage...any idea ?

dondongamo · ‎01-01-2006

Need info about image recovery procedure...

TIA