Check Filesystem Capacities

What the filesystem capacity monitor does

This Automox Worklet™ evaluates all mounted filesystems on Linux endpoints and identifies which are approaching or exceeding storage capacity. The Worklet uses the df command to gather real-time usage statistics for each partition, excluding virtual filesystems, snap mounts, and temporary storage locations.

The Worklet reports any filesystems that have reached 90% or greater capacity utilization. This threshold triggers an alert that includes the specific partition name, current usage percentage, and the affected endpoint hostname. The Worklet execution immediately provides operational visibility without requiring manual disk usage investigations.

When all filesystems remain below the 90% threshold, the Worklet confirms that no critical capacity issues exist, allowing your IT operations team to confidently manage endpoint storage.

Problems caused by full filesystems

When Linux endpoints run out of disk space, critical services fail immediately. System logs cannot be written, database transactions abort with corruption, and applications crash without warning. Endpoints may become completely unresponsive, requiring manual intervention to free disk space before normal operations can resume.

IT operations teams face expensive emergency troubleshooting when filesystems fill unexpectedly. Without early warning, storage issues trigger cascading failures that disrupt business operations and damage data integrity. Manual disk space investigations consume valuable time and delay resolution.

The 90% threshold provides sufficient notice to plan storage expansion, archive old data, or clean up temporary files before the filesystem actually fills. Proactive monitoring eliminates emergency responses and maintains endpoint reliability across your Linux fleet.

How filesystem capacity monitoring works

1. Evaluation phase: The Worklet executes the df command to retrieve filesystem usage information from all mounted partitions. It filters out virtual filesystems, snap packages, temporary mounts (tmpfs), and CD-ROM endpoints that do not represent actual storage capacity. The script then extracts the usage percentage and partition name for each real filesystem.

2. Remediation phase: The Worklet compares each filesystem's usage percentage against the 90% alert threshold. For any filesystem at or above 90% capacity, the Worklet logs an alert message containing the timestamp, the specific partition name, its current usage percentage, and the endpoint hostname. When all filesystems are below 90%, the Worklet outputs a confirmation message indicating no capacity issues were detected.

Filesystem monitoring requirements

• Linux endpoints with bash shell support (RHEL, CentOS, Ubuntu, Debian, and other standard Linux distributions)

• Standard Linux utilities: df, awk, grep, and cut (included in all major Linux distributions)

• User permissions to execute the df command (typically available to all system users)

• RunNow feature enabled for immediate on-demand execution without waiting for the next scheduled check cycle

Capacity monitoring outcomes

After execution, you gain immediate visibility into filesystem usage across your Linux endpoints. Alerts identify specific partitions exceeding the 90% threshold, including the partition name, current usage percentage, and affected hostname. Filesystems below the threshold require no action.

IT operations teams track storage trends over time, identifying which endpoints consistently approach capacity limits. You plan capacity expansion proactively, archive data before emergencies occur, and prevent service disruptions from full filesystems. The Automox console displays all Worklet results in a centralized dashboard, showing capacity status across your entire Linux fleet at once.

How to validate check filesystem capacities changes

1. Run this Worklet on a pilot Linux endpoint and review evaluation output for check filesystem capacities.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as exit.

4. Validate remediation effects from script operations such as function, df, then rerun evaluation for compliance.

Expected state after check filesystem capacities changes

After remediation, endpoints reflect the target check filesystem capacities configuration and report compliant status in Automox.

You can confirm results by correlating activity logs with evaluation checks (exit) and remediation actions (function, df).