I received an alert that my disk-full:var:node:1. I logged into my NS8 and discovered that my/dev/mapper/vg_var-lv_var was at 86%. Here are the details from my NS8:
Device /dev/mapper/vg_var-lv_var
Mount point /var
File system ext4
Total 47.93 GiB
Used 41 GiB
Free 4.47 GiB
Is this something to be concerned about? What can I do to help alleviate this issue and ensure I don’t run out of space? All my other drives on my NS8 are under 55%.
As always I appreciate your reply! What is saved in this location - /dev/mapper/vg_var-lv_var? I’ve read through the link you provided. I only upgraded from NS7 to NS8 in February and I have 47 GB allocated to this directory. What would cause this directory to begin filling up after only 2 months of use?
Any ideas you may have or any other commands I can run to find the root cause of what’s filling up this directory would be greatly appreciated.
I’ve done some more digging and discovered that my /var/log/messages and the zipped messages are very large (active messages file is 7GB and two of the compressed messages files are 13GB and 15GB respectively).
I then initiated a search within my messages using this command that looks for the most frequent full messages that gives me a ranked list of the most common log entries, stripping off the timestamps and hostnames:
The number beside each line is how many times that line was found in /var/log/messages. Here are the results:
91395 samba-dc[5895]: TLS source4/lib/tls/tls_tstream.c:1449 - Decryption has failed.
5992 samba-dc[3540]: TLS source4/lib/tls/tls_tstream.c:1449 - Decryption has failed.
3639 pecbridge[8346]: INFO com.sonicle.pecbridge.Main - Running mailboxes scan
3639 pecbridge[8346]: INFO com.sonicle.pecbridge.Configuration - Refreshing relays
It would appear I have an issue with samba-dc TLS. Doing some more digging I see that this TLS problem indicates that the Samba Directory Controller (DC) is experiencing TLS decryption failures. This typically arises from issues related to TLS certificate configuration, mismatches, or encryption protocol inconsistencies. I tried looking for the container running samba (sudo podman ps) but none of the containers had “samba” in the name. I thought if I could look into the smb.conf file I could see how TLS was configured.
I’m hoping someone from the @support_team can assist me here with finding out why I seem to have issues with Samba TLS on my NS8. Please provide me some details on what this error refers to within NS8 and how I fix this error.
As a workaround you could filter those messages from being written to messages log, there were similar issues with SOGo in NS7, see also SOGo — NethServer 7 Final
The smb.conf for instance samba1 is located in /home/samba1/.local/share/containers/storage/volumes/config/_data/smb.conf
Thanks very much, @mrmarkuz for this very helpful reply! Are you or others also seeing their /var/log/messages file fill up with similar TLS errors?
If you don’t mind, could you be more specific on how I can create a discard filter for my /var/log/messages so that this TLS error is not written? Not only for my benefit but also for others who may happen upon this post with the same issue and need to add this discard filter.
The details in the link provided were for NS7 and this being NS8 and using Podman (containers) I’m assuming the process is very different. I don’t want to do this incorrectly either. Are there more detailed steps someplace I can follow on how to create the discard filter and what exactly is the command I need to initiate on NS8 to restart the required service so this error is not written to my messages file?
Also, if this is a common issue that others have found, is there a fix from Nethserver on the way to ensure this error isn’t written for no reason? I’m a little concerned with setting up a discard filter for this if one day in the future this could be a real issue and I’ll never know because I’ve filtered it out of my messages file.
Are others having an issue with their messages log file getting filled up with these Samba TLS decryption errors? If yes, are there plans to fix this in Nethserver so we don’t have to add a filter? If at some point these errors do become real I’m hesitant to add a filter to my messages log file.