Global Security Forum

 View Only

  • 1.  How Increase /opt

    Posted Mon November 22, 2021 09:32 AM

    Hello ;

     

    On my 3105 Qradar version 7.43 appliance the file system /opt sometimes reaches 96%.

    Is there any way to clean this file system or increase its size.

     

    Thanks for your help.

     

    Cdlt

     

     

    Cdlt

     

    image003.png@01D327D3.94BDDD50

    Hichem AZAIEZ

    Responsable Projets transversaux

    UIB/PSO/DSI/PTR

    Tél +216 71 219954

    E-mail :  Hichem.azaiez@uib.com.tn" target="_blank">Hichem.azaiez@uib.com.tn

     http://www.uib.com.tn 

     

    =========================================================

    Ce message et toutes les pieces jointes (ci-apres le "message")
    sont confidentiels et susceptibles de contenir des informations
    couvertes par le secret professionnel. Ce message est etabli
    a l'intention exclusive de ses destinataires. Toute utilisation
    ou diffusion non autorisee interdite.
    Tout message electronique est susceptible d'alteration. La SOCIETE GENERALE
    et ses filiales declinent toute responsabilite au titre de ce message
    s'il a ete altere, deforme falsifie.

    =========================================================

    This message and any attachments (the "message") are confidential,
    intended solely for the addresses, and may contain legally privileged
    information. Any unauthorized use or dissemination is prohibited.
    E-mails are susceptible to alteration. Neither SOCIETE GENERALE nor any
    of its subsidiaries or affiliates shall be liable for the message
    if altered, changed or falsified.

    =========================================================



  • 2.  RE: How Increase /opt

    IBM Champion
    Posted Tue November 23, 2021 03:39 AM
    Hi,
    there is no easy way to increase opt partition other than reinstall.
    deleting files isn't easy either as this is System partition. You should look for large files that maybe leftovers from software updates and can safely be removed. Make backups first. For getting more specific instructions use df -h command and paste output here. Pls double check retention policy inside GUI for purging variable data once default disk limit is reached. Lowering the specified value by 5 percent may already help
    Regards. Karl

    ------------------------------
    [Karl] [Jaeger] [Business Partner]
    [QRadar Specialist]
    [pro4bizz]
    [Karlsruhe] [Germany]
    [4972190981722]
    ------------------------------

    Original Message


  • 3.  RE: How Increase /opt

    Posted Tue November 23, 2021 03:41 AM
    Helpful

    ------------------------------
    Moneymasternow
    ------------------------------

    Original Message


  • 4.  RE: How Increase /opt

    Posted Tue November 23, 2021 05:36 AM

     

    Hi Karl ;

     

    Below df command and ls command of larger files.

    what do you recommend me to do ?

     

    Regards

     

    [root@UIB-IS028 lib]# df -h

    Filesystem                          Size  Used Avail Use% Mounted on

    devtmpfs                             32G  4.0K   32G   1% /dev

    tmpfs                                32G   20K   32G   1% /dev/shm

    tmpfs                                32G  1.3G   31G   5% /run

    tmpfs                                32G     0   32G   0% /sys/fs/cgroup

    /dev/mapper/rootrhel-root           7.4G  4.4G  3.1G  59% /

    /dev/mapper/rootrhel-tmp            1.8G   52M  1.8G   3% /tmp

    /dev/sda2                          1014M  267M  748M  27% /boot

    /dev/sda7                           5.1G   41M  5.1G   1% /recovery

    /dev/sda6                            10G  108M  9.9G   2% /storetmp

    /dev/sda9                           1.1T  3.6G  1.1T   1% /transient

    /dev/sda8                           4.2T  1.6T  2.7T  38% /store

    /dev/mapper/rootrhel-home           601M   31M  570M   6% /home

    /dev/mapper/rootrhel-var            3.0G  316M  2.7G  11% /var

    /dev/mapper/rootrhel-opt            7.4G  6.7G  754M  90% /opt

    /dev/mapper/varlogrhel-varlog       8.4G  2.3G  6.2G  27% /var/log

    /dev/mapper/varlogrhel-varlogaudit  1.7G  241M  1.5G  15% /var/log/audit

    tmpfs                               6.3G     0  6.3G   0% /run/user/0

     

    /opt/ibm/forensics/decapper/decap/lib 

     

    -rwxr-xr-x 1 root root 24854040 Jun  4 15:52 libxerces-c-3.0.so

    -rwxr-xr-x 1 root root 68309808 Jun  4 15:52 libngl++.so

    -rwxr-xr-x 1 root root  1551416 Jun  4 15:52 libicuuc.so.40.1

    -rwxr-xr-x 1 root root 13915320 Jun  4 15:52 libicudata.so.40.1

     

    /opt/qradar/bin/ca_jail/lib

     

    -rwxr--r--   1 root root 3116553 Mar  9  2012 librmapi.so

    -rwxr--r--   1 root root  139753 Mar  9  2012 libmili2.so

    -rwxr--r--   1 root root 2309316 Mar  9  2012 liblrmapi.so

    -rwxr--r--   1 root root   90216 Mar  9  2012 libemulexhbaapi.so

    -rwxr--r--   1 root root  678911 Mar  9  2012 libdfc.so.4.2.14

     

    Cdlt

     

    image003.png@01D327D3.94BDDD50

    Hichem AZAIEZ

    Responsable Projets transversaux

    UIB/PSO/DSI/PTR

    Tél +216 71 219954

    E-mail :  Hichem.azaiez@uib.com.tn" target="_blank">Hichem.azaiez@uib.com.tn

     http://www.uib.com.tn 

     




    Original Message


  • 5.  RE: How Increase /opt

    IBM Champion
    Posted Tue November 23, 2021 12:46 PM
    Hi Hichem,

    as outlined before this isnt easy to fix. From the df -h output all I can see is /opt having reached 90% already. Moreover I can see that you are using forensics function inside. Maybe its a good idea to put that on an extra box?
    Running forensics on your main machine is not best practice. Not sure however as we do not use forensics in our own environment. Dont touch the lib directories.
    Instead please focus on backup and upgrade directories as mentioned before. /opt/qradar/upgrade/728-backup/ would be an example. Use du -h to determine which subdirs contain how much xxM or xG. cd into /opt/qradar and run du -h | grep backup. You will find many /upgrade/*backup/ and /patches/*backup subdirs including release info as listed bove, which you should be able to remove or better move into /store or /storetmp in the 1st place and softlink them if needed (safe option). When moving file use mv -p in order to keep file attributes. The backup dirs listed above should be removable. Please keep those dirs and files related to your current release if any . Be careful and dont forget the current backup!
    Good luck
    Karl

    ------------------------------
    [Karl] [Jaeger] [Business Partner]
    [QRadar Specialist]
    [pro4bizz]
    [Karlsruhe] [Germany]
    [4972190981722]
    ------------------------------

    Original Message


  • 6.  RE: How Increase /opt

    Posted Tue November 23, 2021 08:06 AM

    This might help:

    https://www.ibm.com/support/pages/qradar-resolving-high-disk-usage-problems-opt-partition

    Thanks,
    Ashish Khandewale

    SIOC Consultant | IBM 



    ------------------------------
    Ashish Khandewale
    ------------------------------

    Original Message


  • 7.  RE: How Increase /opt

    IBM Champion
    Posted Tue November 23, 2021 12:52 PM
    Ashish,

    thank you. Very good hint. Support commands and how to place symlinks is well explained here!

    Karl

    ------------------------------
    [Karl] [Jaeger] [Business Partner]
    [QRadar Specialist]
    [pro4bizz]
    [Karlsruhe] [Germany]
    [4972190981722]
    ------------------------------

    Original Message