I recently encountered a problem on a Linux/Samba server – A full root drive. Much to my surprise I found that a single file was consuming over 80 Gigs – Hu?! Turns out the culprit was a log.XXXX.old file generated by the Samba process.

These potentially high growth log files live in the /var/log/samba directory. While supposedly limited in size growth by the “max log size = XX” setting in the smb.conf file, I learned the hard way that this file size limitation does not apply to the .old archive of the live file. After the current active log file reaches the size determined by the max log size setting, the contents are appended onto an ever expanding log.XXXX.old file.

So what are the options to mitigate or manage these files? Of course as admins we should always be more proactive in managing and monitoring our systems logs and diagnostics – but there are only so many hours in a day. To that end I’m researching methods of log suppression. So far all my digging indicates that a “log level = 0” should cease all logging, but this does not appear to be the case as I see individual machine connection error logs continuing to generate.

So for now the symptom of a large log file has been identified, but the root cause as to why/how this file expanded remains a mystery.