Timeline for Is there a reason why /var/log/lastlog is a huge sparse file (1.1TB)?
Current License: CC BY-SA 4.0
9 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Sep 23, 2020 at 21:23 | comment | added | Julie in Austin | it's actually /var/log/faillog, which isn't actually a log file, in the sense of being continually appended to. | |
| Jul 15, 2019 at 11:30 | comment | added | ilkkachu | @mosvy, I never said it was. Tell that to the author of this answer. | |
| Jul 14, 2019 at 23:33 | comment | added | user313992 | @ilkkachu lastlog is not a log file like /var/log/messages. It's normal to be a big sparse binary file, since it's basically an array of structs indexed by user id, and the user ids are not contiguous. | |
| Jul 14, 2019 at 23:25 | comment | added | user313992 | lastlog has nothing to do with log files. Your answer is completely off. Try man lastlog and man pam_lastlog. | |
| Jul 14, 2019 at 22:03 | comment | added | ilkkachu | Actually, writing in append mode doesn't create a sparse file like that, the writes go to the end of the file, where ever it is at that point. (A write in normal mode would work as you described though.) But anyway, you've described how a file becomes sparse if it's truncated while being open, but where does it say that they truncated the file without restarting the relevant processes? Also, given that the man page for lastlog explicitly says that the file is sparse, are you sure it's used like a regular log file to begin with? | |
| Jul 14, 2019 at 21:40 | history | edited | waltinator | CC BY-SA 4.0 | added reasonint |
| Jul 14, 2019 at 21:30 | comment | added | ilkkachu | How do you know the files ended up being sparse because of truncating without restarting the programs? Give some reasoning for that claim. | |
| Jul 14, 2019 at 8:10 | comment | added | humanityANDpeace | So then I must have gotten myself into an endless loop, since my cure for when those files have grown excessively huge has since been to truncate them back to size (which as if I read correctly your answer is supposed to be the original cause of the huge size in and on itself?). I am puzzled how this however reaches sizes up to 1TB since, I would supposed imparative reboots for kernel updates would have interrupted any logging processes anyway. I want to believe you, but I am struggling to really grasp the particularities of this, i..e. how a file becomes sparse + huge, can you enlight me? | |
| Jul 13, 2019 at 23:43 | history | answered | waltinator | CC BY-SA 4.0 |