Hey John,
you made my day :)
I almost suspected it :) Thanks for this workaround!
Regards,
Ralph
------------------------------
Ralph Belfiore
Managing Consultant | Senior SIEM Expert
connecT SYSTEMHAUS AG
Siegen
+491726365525
------------------------------
Original Message:
Sent: Thu June 27, 2024 04:09 PM
From: John Dawson
Subject: Error: /etc/logrotate.conf: duplicate log entry for /var/log/wtmp and the same for /var/log/btmp
Hey Ralph
This is a known issue in UP8
https://www.ibm.com/mysupport/s/defect/aCIKe00000001wf/dt387724?language=en_US
There is a workaround in the above link.
Any questions please let us know.
Thanks
------------------------------
John Dawson
Qradar Support Architect
IBM
Original Message:
Sent: Thu June 27, 2024 01:42 PM
From: Ralph Belfiore
Subject: Error: /etc/logrotate.conf: duplicate log entry for /var/log/wtmp and the same for /var/log/btmp
Hi Community,
today i saw in qradar deployment running 7.5.0UP8IF03 an unusual error message related to /etc/cron.hourly/logrotate command.
I realized that the /var/log partition size reached 94% of diskspace. So i followed the ibm technote to investigate starting with 1. Troubleshooting /var/log/ space issues:
https://www.ibm.com/support/pages/qradar-resolving-high-disk-usage-problems-varlog-partition
And during this i tried to run the logrotate command and saw the mentioned output. Finally i solved this issue and were able free up some space.
Any ideas or hints related to this fix this lograte error output?
Regards,
Ralph
------------------------------
Ralph Belfiore
Managing Consultant | Senior SIEM Expert
connecT SYSTEMHAUS AG
Siegen
+491726365525
------------------------------