Log files are taking too much space and I can't delete\clear them

Question

After using Ubuntu for 2.5 months, my /var directory reached around 37 GB or RAM while my / directory is all 50 GB or RAM and the rest of space is for my /home.

I found that the following files are taking too much space in /var/log

-rw-r----- 1 syslog            adm   14G Feb  2 07:46 kern.log.1
-rw-r----- 1 syslog            adm   13G Feb  2 07:46 ufw.log.1
-rw-r----- 1 syslog            adm  5.9G Feb  2 07:46 syslog.1
-rw-r----- 1 syslog            adm  451M Feb  2 23:53 syslog
-rw-r----- 1 syslog            adm  451M Feb  2 23:53 kern.log
-rw-r----- 1 syslog            adm  441M Feb  2 23:51 ufw.log

Side question, what is syslog and adm ?!

Seeing ufw there, I checked it's configuration

$ sudo ufw status verbose
Status: active
Logging: on (full) <<<<<

So I set logging to low

$sudo ufw logging low

I read that logrotate should handle log rolling but it's configuration doesn't seem to handle the /var/log directory by default.

This is my /etc/logrotate.conf file content

$ cat /etc/logrotate.conf 
# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
#compress

# packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp, or btmp -- we'll rotate them here
/var/log/wtmp {
    missingok
    monthly
    create 0664 root utmp
    rotate 1
}

/var/log/btmp {
    missingok
    monthly
    create 0660 root utmp
    rotate 1
}

# system-specific logs may be configured here

I tried deleting the log-file-name.log.digit (i.e. kernel.log.1, ufw.log.1, whatever.log.0) but I couldn't. I tried sudo echo '' > kernel.log.1 but I failed too. It always says

$ sudo echo '' > kern.log.1 
bash: kern.log.1: Permission denied

Restarting didn't help either. The logs directory wasn't cleared (I thought linux clears all the logs when it restarts, obviously I'm wrong), and I still couldn't clear\delete the mentions logs.

How can I clear those logs and make sure I never face this situation again ?

Using Ubuntu 13.10

Answer

sudo rm /var/log/*.1

But I suspect that what made my command faile is that I tried doing the same thing while I'm inside the directory /var/log (i.e. pwd = /var/log, then running sudo rm kernel.1.log). If someone faces the same situation, please try removing *.1 files while being in the /var/log directory (i.e. cd /var/log;sudo rm*.1) and report the results. Thank you.

Answer 1

Your current logs are fine, still, those without .1. That is good, and you can remove it with:

sudo rm /var/log/*.1

Now you command doesn't work because of this:

sudo 'Everything here runs as root' > Everything here run as user

So if you wanted to do what you tried the correct would be:

sudo sh -c "echo '' > kern.log.1"

This is because the pipe opens a shell with the current user.

Answer 2

You can truncate logs without deleting by

cat /dev/null > file.log

But backup and archive log before execute command is useful.