When I created the compact flash (CF) card for my IPCop test router, I used the modified mkflash.sh script which performs all sorts of magic to ensure that the CF isn’t written to too often; CF cards have a limited number of read/write cycles, somewhere about 100.000, with more expensive cards allowing double that. Because I also enabled the Snort IDS, which stores its downloaded rules.tar.gz (approx 24 MB) in the RAM-disk-mounted /var/log/snort, my CF always rus out of space when IPCop is shut down. The solution is quite simple: edit /etc/rc.d/rc.flash.down to exclude the backup of that file:

tar -czf /var/log_compressed/log.tgz \
    --exclude=/var/log/snort/rules.tar.gz \
    --exclude=/var/log/cache/* /var/log/*

The command (broken onto multiple lines above) then excludes the large Tar archive from the backup and the file system on the CF card is happy. And so am I.


blog comments powered by Disqus