Syspirit Maintain and manage storage space on a Linux system with various commands and control log management.
📊 Storage Overview
📋 Detailed directory contents
ls -lah💽 Disk space of mounted filesystems
df -h🔢 Inode usage
df -i🔎 Modern disk space view
duf #needs to be installed💿 List disks and partitions
lsblk -a📂 Directory Analysis
📦 Total size of a directory
du -sh folder_name📊 Size of all items in current folder
du -sh *🧱 First-level directories with descending sort
du -h --max-depth=1 | sort -hr📁 List only directories
ls -d */📈 Files/folders by size
du -sh * 2>/dev/null | sort -hr🏆 Identifying Large Files
🔍 Top 10 largest items
du -ah /path/to/directory | sort -rh | head -n 10🐋 Large files (+100M)
find . -type f -size +100M -exec ls -lh {} \; | awk '{ print $NF ": " $5 }'🗂️ Largest system files
find / -type f -size +1G 2>/dev/null | head -10📁 Largest root directories
du -h --max-depth=1 / 2>/dev/null | sort -hr | head -10🧹 Cleanup and Freeing Space
🗑️ Clean unused packages (Debian/Ubuntu)
sudo apt autoremove --purge
sudo apt clean🗑️ Clean unused packages (RedHat/CentOS)
sudo yum autoremove
sudo yum clean all📜 Clean old basic logs
sudo find /var/log -type f -name "*.log" -mtime +30 -delete🗂️ Empty user trash bins
sudo rm -rf /home/*/.local/share/Trash/files/*🚨 Real-time Monitoring
📊 Continuous space monitoring
watch -n 5 'df -h'🔄 Monitor large directories
watch -n 10 'du -sh /var/log /tmp /home | sort -hr'📋 Advanced Log Management
📝 Journalctl (systemd logs)
Managing system logs with systemd to purge and limit used space
Cleanup commands
# Check space used by journal
journalctl --disk-usage
# Purge systemd logs older than 7 days
sudo journalctl --vacuum-time=7d
# Purge systemd logs beyond a certain size (e.g., keep 100M)
sudo journalctl --vacuum-size=100M
# Show logs since last boot
journalctl -b
# Follow logs in real-time
journalctl -f
# Show logs for a specific service
journalctl -u sshPermanent configuration
# Edit journal configuration
sudo nano /etc/systemd/journald.conf
# Useful parameters in [Journal]:
SystemMaxUse=500M # Total space limit
SystemKeepFree=100M # Minimum free space
SystemMaxFileSize=50M # Max size per file
MaxRetentionSec=2592000 # Retention 30 days
# Restart after modification
sudo systemctl restart systemd-journald🔄 Logrotate (automatic rotation)
Automatic log file rotation system to prevent them from growing indefinitely
# Show general configuration
cat /etc/logrotate.conf
# Force log rotation
sudo logrotate -f /etc/logrotate.conf
# Check application configuration
cat /etc/logrotate.d/apache2
# Common config parameters:
rotate 4 # Keep 4 rotations
compress # Compress old logs
daily # Daily rotation
missingok # Ignore if file is missing🔍 Auditd (system audit logs)
Audit system to track critical system access and modifications
# Install auditd if needed
sudo apt-get install auditd
# Show current audit rules
sudo auditctl -l
# View recent audit logs (AVC example)
sudo ausearch -m avc -ts todayAuditd configuration
# Main configuration
sudo nano /etc/audit/auditd.conf
# Useful parameters:
max_log_file = 50 # Max size (MB)
max_log_file_action = rotate # Actions: rotate, suspend, keep_logs, syslog
space_left = 75 # Alert threshold (MB)
action_mail_acct = root # Alert email
# Restart after modification
sudo systemctl restart auditdCustom audit rules
# Rules are located in:
/etc/audit/audit.rules
# or in files under:
/etc/audit/rules.d/
# Example: monitor modifications to /etc/passwd file
-w /etc/passwd -p wa -k passwd_changes
# Apply new rules
sudo systemctl restart auditd🧹 Manual /var/log Cleanup
Commands to manually purge log files and reclaim space
# Delete compressed log files (.gz)
sudo find /var/log -type f -name "*.gz" -delete
# Delete empty log files
sudo find /var/log -type f -empty -delete
# Delete log files modified more than 30 days ago
sudo find /var/log -type f -mtime +30 -exec rm {} \;