Deleted files not releasing their space (was Re: syslog message
wrt inodes)
Duncan Anker
d.anker at au.darkbluesea.com
Fri Sep 24 08:52:49 PDT 2004
On Wed, 2003-01-29 at 13:17, David Bear wrote:
> The problem is that I am running snort and its creating hundreds of
> entries in /var/log/snort -- one directory for each alert generated by
> an IP address. then specific info on that alert in a file under each
> directory. So -- aside from the standard log files, the will be a
> bazillion files and directories that snort will create.. I know one
> solution would be to create a separate file system for snort, then
> mount it at /var/log/snort --- that would likely be the safest. Then
> if it ever ran out of inodes, /var/log would still function.
>
>
> but then, this is an old box and I don't have another hard drive to
> throw in it...
>
> I think stopping and restarting snort did the trick though.
You could also, rather than deleting the files, do something like this:
cat /dev/null > /var/log/snort/whatever.log
This will empty the file without the problem of losing the filehandle.
Seems to work in the majority of cases.
>
>
>
More information about the freebsd-questions
mailing list