Phantom /var full messages

Paul Schmehl pauls at utdallas.edu
Fri Sep 10 10:19:33 PDT 2004


--On Friday, September 10, 2004 07:43:00 PM +0400 Sergey Zaharchenko 
<doublef at tele-kom.ru> wrote:
>
> Correct. du can only show the `named' space (the size of files which are
> not unlinked-but-open).
>
> One of the ways to find out what has the largest files open is
>
># fstat | grep /var | sort -r -n -k 8 | head
>
Apparently snort is the culprit.  When I killed snort (mysqld is still 
running), df began to report less and less space used until it agreed with 
du again.

Here's the results of the fstat command per your suggestion:

bash-2.05b# fstat | grep var | sort -r -n -k 8 | head
mysql    mysqld       189   56 /var     1036492 -rw-rw----  4294967276 rw
root     snort        341    6 /var     3491966 -rw-------  1260683393 rw

The second file is the only one in the top ten that belonged to snort.

How do you convert the filenames from numbers to names?

Paul Schmehl (pauls at utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu


More information about the freebsd-questions mailing list