IBM Support

Guardium file system is filling with large messages files (syslog).

Troubleshooting


Problem

The file system on an IBM Security Guardium appliance is filling up.

Cause

If you have Guardium configured to send alerts, reports, etc. to syslog, this information is logged in the messages files on the Linux OS file system.

Too much information sent to the syslog can cause the messages files to grow very large and fill the file system to 100%.

Diagnosing The Problem

Log in to the CLI and run this command:

support show large_files 1000 0 

This command returns a list of all files older than 0 days and larger than 1000 MB. If there are one or more large /var/IBM/Guardium/log/messages files, syslog is filling the disk.

 

Resolving The Problem

By default, the messages log files will rotate weekly and keep 5 files. Use this CLI command to keep fewer iterations on the appliance.

support logrotate message daily 3

Daily is usually sufficient, but you can set the rotation to hourly if needed.

This CLI command will delete a large file, including syslog, if the CLI has delete permission for the file.

support clean log_file /var/IBM/Guardium/log/messages

 


Document Information

Modified date:
29 April 2026

UID

swg21665455