Creating separate volume for /var/log/ and /var/log/audit/

filesystems partition lvm
9,928

I need to migrate /var/log/ and /var/log/audit to separate partitions. Currently the entire /var/ directory is on a logical volume with ample space (45G).

LVM is the partition type, so you meant migrate to new logical volumes, right?

I understand how to shrink and create new logical volumes (and the associated risks of resizing and need for full backups beforehand).

Won't touch that, then.

My question may be a simple one. How am I able to have /var/log/ on partition "B" if I've already mounted /var/ to partition "A"?

Again, you meant volume, not partition, right?

Stop system logging and auditing and anything else writing to /var/log and /var/log/audit directories. Create a TAR archive of the directories, /var/log and /var/log/audit.

This sounds like a DoD system to which you are applying a STIG. If so, keep your SELinux attibutes and any other ACLs and extended attributes with something like this: tar --selinux --acls --xattrs -cvf var_log.tar /var/log.

Shrink the logical volume holding /var/ by as much as you want for the space you need in /var/log and /var/log/audit. Then create two new logical volumes, one for /var/log and one for /var/log/audit. Format the new volumes.

Optionally remove the data from the existing /var/log and /var/log/audit directories. Mount the new volumes in /var/log and /var/log/audit. Unpack the TAR archives to restore the system logging and accounting data. Start system logging and accounting services.

Add these new volumes to /etc/fstab.

Share:
9,928

Related videos on Youtube

Gbo
Author by

Gbo

Updated on September 18, 2022

Comments

  • Gbo
    Gbo over 1 year

    I need to migrate /var/log/ and /var/log/audit to separate volumes. Currently the entire /var/ directory is on a logical volume with ample space (45G). I understand how to shrink and create new logical volumes (and the associated risks of resizing and need for full backups beforehand).

    My question may be a simple one. How am I able to have /var/log/ on volume "B" if I've already mounted /var/ to volume "A"?

  • Gbo
    Gbo almost 9 years
    Will I need to list the new volumes in /etc/fstab in any particular order?
  • Christopher
    Christopher almost 9 years
    I suspect that order does matter, but I do not know the truth about it. Myself, I do certainly list them in the order that they should be mounted: for this, the first in the list is /var and then the others follow below /var
  • Gbo
    Gbo almost 9 years
    Ok this works nicely. I added /var/log/ and /var/log/audit/ in sequence under /var/ in fstab - no issues. Thanks for the response.
  • Rich
    Rich over 4 years
    link to STIG has moved

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Resize root lvm partition
What's the difference between Linux and Linux LVM?
Moving /usr to its own filesystem/logical volume
How to mount new logical volume (adding to fstab and mtab)?
How to increase size of filesystem to match partition
How to Expand LVM2 Partition in Fedora Linux
The merits of a partitionless filesystem
Updating disk free size without rebooting the host
Does it make sense to put btrfs on lvm?
Filesystem types for encrypted partitions