Date: Fri, 24 Sep 2004 15:52:49 -0000 From: Duncan Anker <d.anker@au.darkbluesea.com> To: dwbear75@gmail.com Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Deleted files not releasing their space (was Re: syslog message wrt inodes) Message-ID: <1043810544.4035.196.camel@duncan.au.darkbluesea.com> In-Reply-To: <20030128201743.C18067@asu.edu> References: <20030128093720.A26639@asu.edu> <3E36E3AF.8030201@potentialtech.com> <44ptqgoidr.fsf@be-well.ilk.org> <20030128201743.C18067@asu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 2003-01-29 at 13:17, David Bear wrote: > The problem is that I am running snort and its creating hundreds of > entries in /var/log/snort -- one directory for each alert generated by > an IP address. then specific info on that alert in a file under each > directory. So -- aside from the standard log files, the will be a > bazillion files and directories that snort will create.. I know one > solution would be to create a separate file system for snort, then > mount it at /var/log/snort --- that would likely be the safest. Then > if it ever ran out of inodes, /var/log would still function. > > > but then, this is an old box and I don't have another hard drive to > throw in it... > > I think stopping and restarting snort did the trick though. You could also, rather than deleting the files, do something like this: cat /dev/null > /var/log/snort/whatever.log This will empty the file without the problem of losing the filehandle. Seems to work in the majority of cases. > > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1043810544.4035.196.camel>