Running a VPS with Ubuntu 12.04.5 LTS. Noticed a spike in disk usage.
Turns out the culprit is lastlog. Overwrote it with >/var/log/lastlog.
After logging out of the session and logging back in, lastlog increases in size again:
-rw-rw-r-- 1 root utmp 4.2G May 5 06:32 /var/log/lastlogIs this something known? How can I stop lastlog from using up so much space?
Thank you!
71 Answer
/var/log/lastlog is a sparse file meaning its real size is not reported by ls -l but by ls -s. This means that your lastlog might not be as huge as you think:
Try:
ls -s /var/log/lastlogto get a report of its size in blocks.
The sudden growth of /var/log/lastlog means a high UID user as logged out. Look at lastlog man page
Edit - To fix it:
You can found out the last logged out user by using lastlog command.
And after making sure the user is not logged in with w command, change its UID. See how in "How to change user gid and uid"
Then clear /var/log/lastlog like you already did with
> /var/log/lastlogNote: Using an uid of 6565666, I only got 1.8G for /var/log/lastlog. So your user must have an uid higher than 26262664 ???
