When I created the compact flash (CF) card for my IPCop test router, I used the modified mkflash.sh script which performs all sorts of magic to ensure that the CF isn’t written to too often; CF cards have a limited number of read/write cycles, somewhere about 100.000, with more expensive cards allowing double that. Because I also enabled the Snort IDS, which stores its downloaded rules.tar.gz (approx 24 MB) in the RAM-disk-mounted /var/log/snort, my CF always rus out of space when IPCop is shut down. The solution is quite simple: edit /etc/rc.d/rc.flash.down to exclude the backup of that file:

tar -czf /var/log_compressed/log.tgz \
    --exclude=/var/log/snort/rules.tar.gz \
    --exclude=/var/log/cache/* /var/log/*

The command (broken onto multiple lines above) then excludes the large Tar archive from the backup and the file system on the CF card is happy. And so am I.