auth.log 30 gb
- Thread starter ramonrgl
- Start date
you can logrotate / delete it, but you'll lose track of people trying to get to your server.. however, I'm guessing this is urgent, but maybe try to back it up before deleting it.
I'd suggest setting up a firewall to restrict who can connect using SSH (If this is a proxmox host, which I guess, you could add the IPs from management network in the management ipset, and enable the firewall with the DROP INPUT policy), either moving your ssh port on another port than 22, and generally make use of fail2ban or reaction to filter out attackers after a few failures using the server's firewall.
Also, you might want to check what is filling daemon.log, and.. tell us what version of pve you're using, for.. that file is not fed by default anymore..
I'd suggest setting up a firewall to restrict who can connect using SSH (If this is a proxmox host, which I guess, you could add the IPs from management network in the management ipset, and enable the firewall with the DROP INPUT policy), either moving your ssh port on another port than 22, and generally make use of fail2ban or reaction to filter out attackers after a few failures using the server's firewall.
Also, you might want to check what is filling daemon.log, and.. tell us what version of pve you're using, for.. that file is not fed by default anymore..
Last edited:
When the file is open removing it does not always release the space immediately. A fast way to empty it is to
echo "" > auth.logAs @Gilou mentioned, you should take your server off the internet, block access to well known ports (22 in this case) and in general beef up your security posture...
Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox