
[cobalt-users] [RaQ3] Panic Logs too big with Dead.Letter - How & Can I delete them



After installing portsentry it was logging a udp attack every second if not
sooner...

I then started getting emails from admin regarding logcheck like...

Subject: Cron <root@ns> /usr/local/etc/logcheck.sh

Message exceeds maximum fixed size (10485760)
/root/dead.letter... Saved message in /root/dead.letter

I then went to root and viewed the dead.letter and it's over 41Mb in size
and all it shows is the following:-

Sep 19 15:48:11 ns portsentry[19597]: attackalert: Host: 208.155.xx.xx is already blocked. Ignoring
Sep 19 15:48:11 ns portsentry[19597]: attackalert: Connect from host: e0.br3.xxxxxxx.com/208.155.xx.xx to UDP port: 69
Sep 19 ........etcetera

The xxx is the company from whom we lease the servers.

I then got an email from admin stating...

... is getting very close to full.  This is very dangerous for the server
and can cause unexpected errors to occur.  You either need to move some
files to another storage device and delete them from the Cobalt server
or delete them altogether.  Consult the documentation for help adding
storage to your Cobalt server.

Total disk space:  726.04 MB
Free disk space:  45.03 MB
Percent Used:  93 %

Now I've quickly jumped into the server and noticed the following:-

/root   -   dead.letter is 41Mb
/var/log/messages   -   28Mb
/var/log/xferlog   -  28Mb


I need to know before the server goes tits up how do I kill the logs and get
them back to what they were before portsentry started. I've renamed the file
portsentry to portsentry.old for now to see if that stops the quick
generation of log files and dead.letter. Can I delete dead.letter from
/root? And where else would the disk space be chewed up?

Regards from Auckland

Chae
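
The flood quoted in the post is two portsentry message shapes repeated every second. As an added example (not part of the original post, and not code from portsentry or logcheck), this shell function collapses such lines into one count per host and port with first and last timestamps, so a report built from it stays small. The function names, the sample lines and the 192.0.2.10 address are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise repeated portsentry "attackalert" syslog lines.

# Constructed sample input in the same shape as the lines quoted in the post.
sample_log() {
cat <<'EOF'
Sep 19 15:48:11 ns portsentry[19597]: attackalert: Connect from host: gw.example.net/192.0.2.10 to UDP port: 69
Sep 19 15:48:11 ns portsentry[19597]: attackalert: Host: 192.0.2.10 is already blocked. Ignoring
Sep 19 15:48:12 ns portsentry[19597]: attackalert: Connect from host: gw.example.net/192.0.2.10 to UDP port: 69
Sep 19 15:48:12 ns portsentry[19597]: attackalert: Host: 192.0.2.10 is already blocked. Ignoring
Sep 19 15:48:13 ns portsentry[19597]: attackalert: Connect from host: gw.example.net/192.0.2.10 to UDP port: 69
Sep 19 15:48:14 ns kernel: unrelated constructed line
EOF
}

# Reads syslog lines on stdin. Prints one line per distinct alert:
#   <count> <ip> <PROTO>/<port>|already-blocked first=<ts> last=<ts>
# Lines that are not portsentry attackalerts are ignored.
summarize_portsentry() {
    awk '
    $5 ~ /^portsentry\[[0-9]+\]:$/ && $6 == "attackalert:" {
        if ($7 == "Connect" && $9 == "host:") {
            n = split($10, h, "/")          # "name/ip" -> keep the ip part
            key = h[n] " " $12 "/" $14      # e.g. "192.0.2.10 UDP/69"
        } else if ($7 == "Host:" && $10 == "already") {
            key = $8 " already-blocked"
        } else {
            next
        }
        ts = $1 " " $2 " " $3
        count[key]++
        if (!(key in first)) first[key] = ts
        last[key] = ts
    }
    END {
        for (k in count)
            printf "%d %s first=%s last=%s\n", count[k], k, first[k], last[k]
    }' | sort -k1,1nr -k2
}

# Demo run on the constructed sample.
sample_log | summarize_portsentry
```
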