Woke up this morning any my 250GB, which had approx. 50% free space last night, was totally out of disk space!
Took me all day, but finally found a file in /private/var/audit/ called "20110423020458.crash_recovery" that is 126.61GBytes!
I've tried running daily/weekly/monthly via Onyx. Running most all the cache cleaning scripts. Used Techtool, the DiskWarrior. Finally went to SnowLeopard Cache Cleaner and Applejack deep cleaning.
Nothing got rid of it. Only reason I eventually found the file at all is that it showed up in DaisyDisk (it didn't in other mappers).
Question is => is it safe top delete /private/var/audit/20110423020458.crash_recovery ?
I know there is various Unix core stuff in /private, but that is about the limit of my knowledge there. I've got all manner of good backups (CCL, Time Machine, Dropbox) – so I'm not as worried about data loss as I am jsut anxious to get my system back (everything working normal except disk space issued…booted from external drive and deleted 5GB to make some breathing room).
Thanks for any advice / tips in advance! – Larry
(System: MBP Late 2010 Unibody, 8GB RAM, 250GB HD, OS 10.6.7)
Best Answer
Yes. You have enabled auditing somewhere along the line, being a wise person, but you have not trimmed the file, being a human, like I. Note the instant edit ;)
if you can get a shell will show you where you need to go
( look at them on the apple dev site )
i think here you want
to get rid of your old audit files.
From the man page:
The audit utility controls the state of the audit system. One of the following flags is required as an argument to audit:
On my system:
Yes. It's audit -e