When I created the compact flash (CF) card for my IPCop test router, I
used the modified mkflash.sh script which performs all sorts of magic to
ensure that the CF isn’t written to too often; CF cards have a limited number
of read/write cycles, somewhere about 100.000, with more expensive cards
allowing double that. Because I also enabled the Snort IDS, which stores its
downloaded rules.tar.gz
(approx 24 MB) in the RAM-disk-mounted
/var/log/snort
, my CF always rus out of space when IPCop is shut down. The
solution is quite simple: edit /etc/rc.d/rc.flash.down
to exclude the backup
of that file:
tar -czf /var/log_compressed/log.tgz \
--exclude=/var/log/snort/rules.tar.gz \
--exclude=/var/log/cache/* /var/log/*
The command (broken onto multiple lines above) then excludes the large Tar archive from the backup and the file system on the CF card is happy. And so am I.