Date: Fri, 10 Sep 2004 12:19:48 -0500 From: Paul Schmehl <pauls@utdallas.edu> To: Sergey Zaharchenko <doublef@tele-kom.ru>, FreeBSD-questions <questions@freebsd.org> Subject: Re: Phantom /var full messages Message-ID: <E60E4345EC27A92CEF6E941D@utd49554.utdallas.edu> In-Reply-To: <20040910154300.GA4588@shark.localdomain> References: <B2230B47178C9E38431A941A@utd49554.utdallas.edu> <200409101523.i8AFNCr07551@clunix.cl.msu.edu> <20040910154300.GA4588@shark.localdomain>
next in thread | previous in thread | raw e-mail | index | archive | help
--On Friday, September 10, 2004 07:43:00 PM +0400 Sergey Zaharchenko <doublef@tele-kom.ru> wrote: > > Correct. du can only show the `named' space (the size of files which are > not unlinked-but-open). > > One of the ways to find out what has the largest files open is > ># fstat | grep /var | sort -r -n -k 8 | head > Apparently snort is the culprit. When I killed snort (mysqld is still running), df began to report less and less space used until it agreed with du again. Here's the results of the fstat command per your suggestion: bash-2.05b# fstat | grep var | sort -r -n -k 8 | head mysql mysqld 189 56 /var 1036492 -rw-rw---- 4294967276 rw root snort 341 6 /var 3491966 -rw------- 1260683393 rw The second file is the only one in the top ten that belonged to snort. How do you convert the filenames from numbers to names? Paul Schmehl (pauls@utdallas.edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E60E4345EC27A92CEF6E941D>