obsd 6.7 - TOR relay (non-exit) & /var folder

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

obsd 6.7 - TOR relay (non-exit) & /var folder

Salvatore Cuzzilla-2
Hi Folks,

I’m running a TOR node on my [APU2c4 (SSD) + OBSD 6.7]

somehow the TOR process is polluting my /var folder until, after few days, it’s fulfilled (~6G).
In the beginning I thought that it was related to the daemon's logs, something misconfigured within newsyslog.conf ... it’s not!

the funny thing is that, as soon as shut the daemon the /var folder is free-up back again…

-----------------------------------------------------------------
12:46:44 -ksh root@APU2c4 /var/tor/diff-cache # df -h | grep /var
/dev/sd0e      6.3G    1.7G    4.4G    28%    /var

12:46:55 -ksh root@APU2c4 /var/tor/diff-cache # rcctl stop tor
tor(ok)

12:48:00 -ksh root@APU2c4 /var/tor/diff-cache # df -h | grep /var
/dev/sd0e      6.3G    327M    5.7G     5%    /var
12:48:00 -ksh root@APU2c4 /var/tor/diff-cache
-----------------------------------------------------------------

I’m a bit lost, from where should I start?


Regards,
Salvatore.




Reply | Threaded
Open this post in threaded view
|

Re: obsd 6.7 - TOR relay (non-exit) & /var folder

Salvatore Cuzzilla-2
Hi Gabriel,

thanks for the hint!

I actually use to "rcctl reload tor" to rotate the logs.
I now switched to "pkill -HUP -u _tor -U _tor -x tor" let's see if it's helping!


Regards,
Salvatore.


June 23, 2020 12:53 PM, "Salvatore Cuzzilla" <[hidden email]> wrote:

> Hi Folks,
>
> I’m running a TOR node on my [APU2c4 (SSD) + OBSD 6.7]
>
> somehow the TOR process is polluting my /var folder until, after few days, it’s fulfilled (~6G).
> In the beginning I thought that it was related to the daemon's logs, something misconfigured within
> newsyslog.conf ... it’s not!
>
> the funny thing is that, as soon as shut the daemon the /var folder is free-up back again…
>
> -----------------------------------------------------------------
> 12:46:44 -ksh root@APU2c4 /var/tor/diff-cache # df -h | grep /var
> /dev/sd0e 6.3G 1.7G 4.4G 28% /var
>
> 12:46:55 -ksh root@APU2c4 /var/tor/diff-cache # rcctl stop tor
> tor(ok)
>
> 12:48:00 -ksh root@APU2c4 /var/tor/diff-cache # df -h | grep /var
> /dev/sd0e 6.3G 327M 5.7G 5% /var
> 12:48:00 -ksh root@APU2c4 /var/tor/diff-cache
> -----------------------------------------------------------------
>
> I’m a bit lost, from where should I start?
>
> Regards,
> Salvatore.

Reply | Threaded
Open this post in threaded view
|

Re: obsd 6.7 - TOR relay (non-exit) & /var folder

Salvatore Cuzzilla-2
After few attempts, I can't still don't understand what's going on
it seems that the only way to free up the /var folder is to restart the
tor's daemon.

"pkill -HUP -u _tor -U _tor -x tor" didn't help ...

Other ideas?

On 23.06.2020 11:50, Salvatore Cuzzilla wrote:

>Hi Gabriel,
>
>thanks for the hint!
>
>I actually use to "rcctl reload tor" to rotate the logs.
>I now switched to "pkill -HUP -u _tor -U _tor -x tor" let's see if it's helping!
>
>
>Regards,
>Salvatore.
>
>
>June 23, 2020 12:53 PM, "Salvatore Cuzzilla" <[hidden email]> wrote:
>
>> Hi Folks,
>>
>> I’m running a TOR node on my [APU2c4 (SSD) + OBSD 6.7]
>>
>> somehow the TOR process is polluting my /var folder until, after few days, it’s fulfilled (~6G).
>> In the beginning I thought that it was related to the daemon's logs, something misconfigured within
>> newsyslog.conf ... it’s not!
>>
>> the funny thing is that, as soon as shut the daemon the /var folder is free-up back again…
>>
>> -----------------------------------------------------------------
>> 12:46:44 -ksh root@APU2c4 /var/tor/diff-cache # df -h | grep /var
>> /dev/sd0e 6.3G 1.7G 4.4G 28% /var
>>
>> 12:46:55 -ksh root@APU2c4 /var/tor/diff-cache # rcctl stop tor
>> tor(ok)
>>
>> 12:48:00 -ksh root@APU2c4 /var/tor/diff-cache # df -h | grep /var
>> /dev/sd0e 6.3G 327M 5.7G 5% /var
>> 12:48:00 -ksh root@APU2c4 /var/tor/diff-cache
>> -----------------------------------------------------------------
>>
>> I’m a bit lost, from where should I start?
>>
>> Regards,
>> Salvatore.

-------
:wq,
Salvatore.

Reply | Threaded
Open this post in threaded view
|

Re: obsd 6.7 - TOR relay (non-exit) & /var folder

Stuart Henderson
On 2020-06-24, Salvatore Cuzzilla <[hidden email]> wrote:
> After few attempts, I can't still don't understand what's going on
> it seems that the only way to free up the /var folder is to restart the
> tor's daemon.
>
> "pkill -HUP -u _tor -U _tor -x tor" didn't help ...
>
> Other ideas?

Did you figure out what files are involved?

If it's logs, use syslog instead.

Reply | Threaded
Open this post in threaded view
|

Re: obsd 6.7 - TOR relay (non-exit) & /var folder

Salvatore Cuzzilla-2

Unfortunately the only think i know for sure is that the /var folder is
constantly loosing free space & When i restart tor it gets back to
normal. I can't (I don't know how to) figure out the involved files ...

"du" is not really helping nor "fstat"  ... Is there anything else
i could test?

On 25.06.2020 09:29, Stuart Henderson wrote:

>On 2020-06-24, Salvatore Cuzzilla <[hidden email]> wrote:
>> After few attempts, I can't still don't understand what's going on
>> it seems that the only way to free up the /var folder is to restart the
>> tor's daemon.
>>
>> "pkill -HUP -u _tor -U _tor -x tor" didn't help ...
>>
>> Other ideas?
>
>Did you figure out what files are involved?
>
>If it's logs, use syslog instead.
>

-------
:wq,
Salvatore.

Reply | Threaded
Open this post in threaded view
|

Re: obsd 6.7 - TOR relay (non-exit) & /var folder

Stuart Henderson
On 2020/06/25 14:59, Salvatore Cuzzilla wrote:
>
> Unfortunately the only think i know for sure is that the /var folder is
> constantly loosing free space & When i restart tor it gets back to
> normal. I can't (I don't know how to) figure out the involved files ...
>
> "du" is not really helping nor "fstat"  ... Is there anything else
> i could test?

du won't show size of an unlinked file.

fstat won't show filenames but will show inode numbes. If it is from a
file that existed at startup and was then moved away, you could capture
inode numbers of all files on the filesystem when starting (find /var
-ls, the first number is the inode number), then compare with the INUM
column in fstat.

Or, if you change logs to syslog, and that fixes the problem, you have
your answer...


> On 25.06.2020 09:29, Stuart Henderson wrote:
> > On 2020-06-24, Salvatore Cuzzilla <[hidden email]> wrote:
> > > After few attempts, I can't still don't understand what's going on
> > > it seems that the only way to free up the /var folder is to restart the
> > > tor's daemon.
> > >
> > > "pkill -HUP -u _tor -U _tor -x tor" didn't help ...
> > >
> > > Other ideas?
> >
> > Did you figure out what files are involved?
> >
> > If it's logs, use syslog instead.
> >
>
> -------
> :wq,
> Salvatore.

Reply | Threaded
Open this post in threaded view
|

Re: obsd 6.7 - TOR relay (non-exit) & /var folder

Salvatore Cuzzilla-2
the issue is temporary “solved":

03:42:36 -ksh ToTo@APU2c4 ~ $ doas cat /etc/tor/torrc | egrep "^Log "
Log debug file /dev/null
Log info file /dev/null
Log notice file /dev/null

it’s confirmed that something is not going well with the logs handling ...



On 25 Jun 2020, at 15:39, Stuart Henderson <[hidden email]> wrote:

On 2020/06/25 14:59, Salvatore Cuzzilla wrote:
>
> Unfortunately the only think i know for sure is that the /var folder is
> constantly loosing free space & When i restart tor it gets back to
> normal. I can't (I don't know how to) figure out the involved files ...
>
> "du" is not really helping nor "fstat"  ... Is there anything else
> i could test?

du won't show size of an unlinked file.

fstat won't show filenames but will show inode numbes. If it is from a
file that existed at startup and was then moved away, you could capture
inode numbers of all files on the filesystem when starting (find /var
-ls, the first number is the inode number), then compare with the INUM
column in fstat.

Or, if you change logs to syslog, and that fixes the problem, you have
your answer...


> On 25.06.2020 09:29, Stuart Henderson wrote:
>> On 2020-06-24, Salvatore Cuzzilla <[hidden email]> wrote:
>>> After few attempts, I can't still don't understand what's going on
>>> it seems that the only way to free up the /var folder is to restart the
>>> tor's daemon.
>>>
>>> "pkill -HUP -u _tor -U _tor -x tor" didn't help ...
>>>
>>> Other ideas?
>>
>> Did you figure out what files are involved?
>>
>> If it's logs, use syslog instead.
>>
>
> -------
> :wq,
> Salvatore.


Reply | Threaded
Open this post in threaded view
|

Re: obsd 6.7 - TOR relay (non-exit) & /var folder

Graeme Neilson-2
What do you have set for Log notice in /etc/tor/torrc?

I run a tor relay without problems on 6.7 and use:
Log notice syslog



On Sun, 28 Jun 2020 at 13:59, Salvatore Cuzzilla <[hidden email]>
wrote:

> the issue is temporary “solved":
>
> 03:42:36 -ksh ToTo@APU2c4 ~ $ doas cat /etc/tor/torrc | egrep "^Log "
> Log debug file /dev/null
> Log info file /dev/null
> Log notice file /dev/null
>
> it’s confirmed that something is not going well with the logs handling ...
>
>
>
> On 25 Jun 2020, at 15:39, Stuart Henderson <[hidden email]> wrote:
>
> On 2020/06/25 14:59, Salvatore Cuzzilla wrote:
> >
> > Unfortunately the only think i know for sure is that the /var folder is
> > constantly loosing free space & When i restart tor it gets back to
> > normal. I can't (I don't know how to) figure out the involved files ...
> >
> > "du" is not really helping nor "fstat"  ... Is there anything else
> > i could test?
>
> du won't show size of an unlinked file.
>
> fstat won't show filenames but will show inode numbes. If it is from a
> file that existed at startup and was then moved away, you could capture
> inode numbers of all files on the filesystem when starting (find /var
> -ls, the first number is the inode number), then compare with the INUM
> column in fstat.
>
> Or, if you change logs to syslog, and that fixes the problem, you have
> your answer...
>
>
> > On 25.06.2020 09:29, Stuart Henderson wrote:
> >> On 2020-06-24, Salvatore Cuzzilla <[hidden email]> wrote:
> >>> After few attempts, I can't still don't understand what's going on
> >>> it seems that the only way to free up the /var folder is to restart the
> >>> tor's daemon.
> >>>
> >>> "pkill -HUP -u _tor -U _tor -x tor" didn't help ...
> >>>
> >>> Other ideas?
> >>
> >> Did you figure out what files are involved?
> >>
> >> If it's logs, use syslog instead.
> >>
> >
> > -------
> > :wq,
> > Salvatore.
>
>
>