--On Saturday, September 11, 2004 8:30 AM +0400 Sergey Zaharchenko <[EMAIL PROTECTED]> wrote:

Actually, if the files in question are opened and unlinked, then they have no `name' in the filesystem and find(1) won't help you.

Interesting. I did a find /var -inum {inode_num} and got the name of the file. (session.log, which *should* be hupped when it's turned over.) I've posted on the snort list to see if anyone is aware of this or has seen the problem before. In the meantime, I've commented out the log in the conf file so the server won't gag when I'm not paying attention to it.

Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to