topic Re: How can I figure out why my lastlog directory is huge? in Splunk Search

How can I figure out why my lastlog directory is huge?

wvalente — Mon, 07 Aug 2017 20:38:19 GMT

Hi guys,

Why is my lastlog directory so huge?

-rw-r--r--. 1 root   root   **216G** Aug  7 17:35 lastlog

What can I do to reduce it?

Thanks

Re: How can I figure out why my lastlog directory is huge?

cpetterborg — Mon, 07 Aug 2017 21:21:48 GMT

The file should not be that big. Period.

You can't reduce the size without deleting all the data. If you want to delete all the data, don't delete the file, because your system will keep it open and it will stay the same size until you reboot. You can delete the contents of the file with the following command:

cp /dev/null >/var/log/lastlog

Re: How can I figure out why my lastlog directory is huge?

dshakespeare_sp — Tue, 08 Aug 2017 09:41:53 GMT

I believe that lastlog is a sparse file see http://www.noah.org/wiki/Lastlog_is_gigantic