Re: Deleted files not releasing their space (was Re: syslog message wrt inodes)
On Wed, 2003-01-29 at 13:17, David Bear wrote: The problem is that I am running snort and its creating hundreds of entries in /var/log/snort -- one directory for each alert generated by an IP address. then specific info on that alert in a file under each directory. So -- aside from the standard log files, the will be a bazillion files and directories that snort will create.. I know one solution would be to create a separate file system for snort, then mount it at /var/log/snort --- that would likely be the safest. Then if it ever ran out of inodes, /var/log would still function. but then, this is an old box and I don't have another hard drive to throw in it... I think stopping and restarting snort did the trick though. You could also, rather than deleting the files, do something like this: cat /dev/null /var/log/snort/whatever.log This will empty the file without the problem of losing the filehandle. Seems to work in the majority of cases. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Deleted files not releasing their space (was Re: syslog message wrt inodes)
Bill Moran [EMAIL PROTECTED] writes: Let's see if I remember the details on this. I believe this happens when a file is deleted, but another program still holds a filehandle? to it. Thus, if you delete Apache's log file (for example) but don't restart Apache, the space the logfile is using isn't truely freed. (This is why newsyslog.conf has a column for the PID of a process to restart). So ... if you know which process had the files open, restart it (probably by sending it a -HUP). Right. That's why newsyslog(8) can send a signal on rotating a log file. I'm not quite sure why this is relevant to the actual problem, because it's not really *that* many inodes involved in log files, but then again I'm not sure I completely understand the problem anyway... To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Deleted files not releasing their space (was Re: syslog message wrt inodes)
On Tue, Jan 28, 2003 at 08:27:12PM -0500, Lowell Gilbert wrote: Bill Moran [EMAIL PROTECTED] writes: Let's see if I remember the details on this. I believe this happens when a file is deleted, but another program still holds a filehandle? to it. Thus, if you delete Apache's log file (for example) but Right. That's why newsyslog(8) can send a signal on rotating a log file. I'm not quite sure why this is relevant to the actual problem, because it's not really *that* many inodes involved in log files, but then again I'm not sure I completely understand the problem anyway... The problem is that I am running snort and its creating hundreds of entries in /var/log/snort -- one directory for each alert generated by an IP address. then specific info on that alert in a file under each directory. So -- aside from the standard log files, the will be a bazillion files and directories that snort will create.. I know one solution would be to create a separate file system for snort, then mount it at /var/log/snort --- that would likely be the safest. Then if it ever ran out of inodes, /var/log would still function. but then, this is an old box and I don't have another hard drive to throw in it... I think stopping and restarting snort did the trick though. -- David Bear College of Public Programs/ASU Mail Code 0803 To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
