Tracing Log File Writes

Difficulty: entry

Source: devops-interviews/devops-interview-questions by Alex Muradov

Answer

Scenario

The /var/log/messages file has been growing unusually fast, filling up disk space within hours.

Task

Identify the process that is writing heavily to /var/log/messages by monitoring system activity in real time. Save the process details using ps and last 50 lines of logs at /home/devops/excessive_log_process.txt

Example

# Before (log file growing rapidly)

/var/log/messages: 15 GB and increasing
Disk usage: 92% and climbing

# After (responsible process identified)

Process identified: rsyslogd (PID 1234)
Confirmed active writes to /var/log/messages

📹 Video Solution