--On Thursday, September 09, 2004 01:03:33 PM -0400 Bill Moran
<[EMAIL PROTECTED]> wrote:
Thanks, Bill. That's really helpful. I suspected it was snort, but I
wasn't sure. I'll shut down one process at a time and see when df "returns
to normal". I am using newsyslog.conf which *should* HUP processes when
logs are turned over, but maybe I missed something.
Any hints would be welcomed. What's the best way to troubleshoot this
First, if you could isolate it to just snort or just MySQL.
Typically, folks have this problem because they try to rotate log files
without restarting the program that's logging to them. The rotate program
compresses the current log file into a new file, then deletes the original
file ... but the program is still logging to it. Thus the space fills up,
but there is no file to see the space in. Restarting the program doing
the logging causes the old file to disappear, and a new log file to be
On a guess, Snort would be the first thing I'd look at. However, MySQL
can create a TON of data if logging is enabled, so you may want to look
closely at it as well.
Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"