Hi,
I installed Asterisk in AWS (10GB storage), and only registered five extensions. However the system always report no space left. After I add more storage in AWS, the system will be full after few days (I did not install any new items).
mkdir: cannot create directory ‘newFolder’: No space left on device
How to I check the storage usage in the system? Also is there any commend to clean up the log?
Thanks
hmm try to find where space is used
cd /
do -sh *
cd /"dir that uses space"
do -sh *
alternativ try use “ncdu”
https://dev.yorhel.nl/ncdu/scr
or
I think you mean to use ‘du’.
My take would be something like:
sudo du --human-readable\
| sort --human-numeric-sort\
| tail --lines=20
should give you a clue.
I found that my PBX have 3.3GB Asterisk log. Is it ok to remove it by rm?
Also, any config can clear the log automatically after a time?
Thanks
Personally, I log everything through syslog – no application specific log files. I like to see everything that is happening when something goes pear shaped.
I also rename my syslog file every night like mv /var/log/syslog /var/log/syslog-$(date +%d) so I always have a month (ish) days of log files on tap and I never have to worry about cleaning up old files – they get over-written (almost) every month.
I am curious why you are creating such a huge file. Are you logging all SIP messages or all ‘AGI debug’ or is your call traffic huge?
The biggest log is messages. However I cant use nano to open it.
How can I read the log?
Thanks
I’m an ‘emacs’ weenie.
Why did your ‘issue’ change from /var/log/asterisk (post 4) to /var/log/messages (post 6)?
I’d be interested in:
'Grepping on the date fields or the program field may yield clues. sort, uniq, and count may help
Sorry for my mistake.
/var/log/asterisk/ is a folder
/var/log/asterisk/messages is a log file which is 3.3GB
Inside messages, there are many warning:
Seem some unknow registers access my PBX.
[Oct 17 17:23:41] NOTICE[700047] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"444" <sip:444@18.183.109.230>' failed for '20.215.192.234:5363' (callid: 1987568804) - No matching endpoint found
[Oct 17 17:23:41] NOTICE[700047] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"444" <sip:444@18.183.109.230>' failed for '20.215.192.234:5363' (callid: 1987568804) - Failed to authenticate
[Oct 17 17:23:41] NOTICE[689698] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"3333" <sip:3333@18.183.109.230>' failed for '138.197.32.45:5097' (callid: 2624634398) - No matching endpoint found
[Oct 17 17:23:41] NOTICE[689698] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"3333" <sip:3333@18.183.109.230>' failed for '138.197.32.45:5097' (callid: 2624634398) - Failed to authenticate
[Oct 17 17:23:41] NOTICE[700047] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"444" <sip:444@18.183.109.230>' failed for '20.215.192.234:5363' (callid: 2543469107) - No matching endpoint found
[Oct 17 17:23:41] NOTICE[700047] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"444" <sip:444@18.183.109.230>' failed for '20.215.192.234:5363' (callid: 2543469107) - Failed to authenticate
[Oct 17 17:23:41] NOTICE[689698] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"3333" <sip:3333@18.183.109.230>' failed for '138.197.32.45:5097' (callid: 1920244357) - No matching endpoint found
[Oct 17 17:23:41] NOTICE[689698] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '"3333" <sip:3333@18.183.109.230>' failed for '138.197.32.45:5097' (callid:
Use a pager, like “more” or “less”.
You have presumably been running for a long time without doing a proper log rotation.
If you remove the file, you should then run “logger rotate”. Otherwise the space will not be freed and Asterisk will continue logging to anonymous file until it is restarted.
See Managing Logs
It appears that you need some firewall rules. Installing Fail2ban may also be prudent.
In general, a ‘deny all except whitelist’ approach is a lot easier than playing Whac-A-Mole with miscreants.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.