Phantom /var full messages
Paul Schmehl
pauls at utdallas.edu
Fri Sep 10 22:55:52 PDT 2004
--On Saturday, September 11, 2004 8:30 AM +0400 Sergey Zaharchenko
<doublef at tele-kom.ru> wrote:
>
> Actually, if the files in question are opened and unlinked, then they
> have no `name' in the filesystem and find(1) won't help you.
>
Interesting. I did a find /var -inum {inode_num} and got the name of the
file. (session.log, which *should* be hupped when it's turned over.) I've
posted on the snort list to see if anyone is aware of this or has seen the
problem before. In the meantime, I've commented out the log in the conf
file so the server won't gag when I'm not paying attention to it.
Paul Schmehl (pauls at utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
More information about the freebsd-questions
mailing list