Phantom /var full messages
Paul Schmehl
pauls at utdallas.edu
Fri Sep 10 10:19:33 PDT 2004
--On Friday, September 10, 2004 07:43:00 PM +0400 Sergey Zaharchenko
<doublef at tele-kom.ru> wrote:
>
> Correct. du can only show the `named' space (the size of files which are
> not unlinked-but-open).
>
> One of the ways to find out what has the largest files open is
>
># fstat | grep /var | sort -r -n -k 8 | head
>
Apparently snort is the culprit. When I killed snort (mysqld is still
running), df began to report less and less space used until it agreed with
du again.
Here's the results of the fstat command per your suggestion:
bash-2.05b# fstat | grep var | sort -r -n -k 8 | head
mysql mysqld 189 56 /var 1036492 -rw-rw---- 4294967276 rw
root snort 341 6 /var 3491966 -rw------- 1260683393 rw
The second file is the only one in the top ten that belonged to snort.
How do you convert the filenames from numbers to names?
Paul Schmehl (pauls at utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
More information about the freebsd-questions
mailing list