To determine the exact cause of the issue, perform the following troubleshooting steps. Make any needed changes:

1. Log on to the appliance with an SSH client:
   1. Open the SSH client.
   2. In the Host section, type the IP address of the Web Gateway appliance.
   3. Click Open.
2. Locate any abnormally large files.
3. Delete files as needed.
4. Make the needed configuration changes. Depending on the types of files you have located, you might need to disable or modify certain types of logging or other system output.

To locate large files
The locations that contain large files can help with determining the exact cause of the issue. Use the following command to search for large files without specifying a location:

• XX000K = XX MB
• XXX000K = XXX MB
• X000000K = X GB

The following locations often contain large log and output files due to troubleshooting previous issues:

• /opt/mwg/log/user-defined-logs
• /opt/mwg/log/debug/connection_tracing
• /opt/mwg/log/debug/feedbacks
• /opt/mwg/log/debug/message_tracing
• /opt/mwg/log/debug/cores
• /opt/mwg/log/debug/tcpdump
• /opt/mwg/log/debug/ruleengine_tracing

• ls -lh (List the directory contents)
• cd (Change directory)
• du -Ph (Display filesystem partitions)
• du -h --max-depth=1 (Display current filesystem use of the current directory)

  Before you can access the appliance to make configuration changes, you might need to delete files to create available disk space. Use the commands in this section to delete any unnecessary files that you have located.

WARNING: The commands in this section can remove critical parts of the filesystem on your Web Gateway appliance. Improper use can cause the appliance to stop functioning and might require you to reimage the appliance. Ensure that you delete only non-critical files.

Delete commands:

• rm (Remove file)
• rm -f (Force remove file)
• rm -rf (More powerful force removal)
  
  IMPORTANT: The rm -rf command can remove full directories and the files contained in those directories. This removal includes the entire mounted filesystem if it is used on the root directory.

Using wild cards for file deletion:
You can use the asterisk (*) wild card to specify multiple characters in a file name. The most common use is to delete multiple files that match a specific pattern.

Examples:
If you have multiple log files in the format systemlogMMDDYYYY.log:

• rm *.log - Removes all files with the .log extension.
• rm systemlog*.log - Removes all files that begin with systemlog and have the .log extension.
• rm systemlog****2019.log - Removes all systemlog files for the year 2019.

McAfee recommends that you use only the following commands if the current directory contains too many files to use the rm command.

To force delete the contents of the current directory, type the following command:

rm -f *

You can also use the find command with the rm - f command to remove all files that match a specific pattern in the file name.

IMPORTANT: Before you remove the files, McAfee recommends that you return a list of all files and verify that they can safely be removed.

Example:
The following command locates all files that contain .txt in the file name:

find . -type f -name ".txt" -exec ls -l {} \;

After you verify that the files can be safely removed, the command below will force delete the files: 

find . -type f -name ".txt" -exec rm -f {} \;