How to find the file of the explosion disk under Linux

Here is a way for you to quickly find a large file in the system. Recently received a user's report, saying that the portal failed, the console prompts the log to write errors. At first it was suspected that there was disk corruption, the file system automatically enabled the protection mount as read-only mode, and the log could not be written. After troubleshooting, it was found that the application log was not set to start cleanup, resulting in a very large log file that would fill up the disk space. The troubleshooting process used a quick way to find large files.

An analysis problem
Portal failure, console prompt log write error: unable to write to the log. This is the same reason for the failure of the file system to mount in read-only mode due to disk corruption. The maintenance personnel of the equipment room did not find any disk damage alarms and could only check them from other aspects.

Two solutions

2.1 View disk space
Check the disk space by the command df -lH and find that the disk space is full: Since there is no business data stored on the server, the disk space under normal conditions Usage will not change much. The disk space usage rate of 100% is abnormal. It may be that the user has uploaded some large files to cause the space to be occupied.

2.2 View the size of each directory
Here we will introduce the command to view the directory or file size under Linux: dudu and df are different, du can accurately count and sort the size of each directory and subdirectory or file. We see that this server has only one logical volume and is mounted in the root directory, so the size of the directory under the root directory is counted. First look at the directories under the root directory: Fortunately not a lot, statistics should not be too slow. Note that if there are directories with a large number of files on the server, the statistics will take too long. Count the size of each directory in the root directory: Here, -h means to display the size in K, M, and G, and --max-depth=1 means to count only the first level directory. You can see that the /weblogic directory is abnormally large, reaching 7.8G, which accounts for almost half of the disk space. Go to this directory and check to see if there is an abnormal size or number of files. You can see that the three log files are almost 8G, they are the culprit!

Three Summary
Finally, by asking the application manufacturer, it is known that due to security hardening, the original automatic periodic cleaning log setting is removed, resulting in unlimited growth of the log and finally the disk space is directly occupied. After the application logs are cleaned up, the portal is back to normal. Security hardening is the work that the server should perform in time, but the hardening measures should be reviewed before each security hardening to avoid failure.