On Sun, 7 Mar 2004, Payal Rathod wrote: > file grew almost 1.8Gb and squid stopped. I still had a space of 10Gb on > the file system where logs were dumped. Why did squid stop then?
Because your OS does not allow files larger than 2GB for "normal" applications. > Unfortunately, I could not do much so I immediately stoped squid, > removed the access.log file after checking the culprit 5 IPs and deleted > the file. Then the culprit machines were physically removed from the > network and then squid was restarted. I rotate logs everyday at morning > 08.00 to have reports through calamaris. In such a suitation, what is the > best way to deal with it? Apart from what you have already done: * rotate the logs more often before the magic 2GB file size limit is reached. * write a little script monitoring access.log and when seeing suspicious activity automatically add a firewall rule to block that IP from accessing the proxy. Regards Henrik
