From owner-freebsd-questions Tue Jan 28 19:17:48 2003 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8913137B401 for ; Tue, 28 Jan 2003 19:17:47 -0800 (PST) Received: from moroni.pp.asu.edu (moroni.pp.asu.edu [129.219.120.183]) by mx1.FreeBSD.org (Postfix) with ESMTP id EF28A43F3F for ; Tue, 28 Jan 2003 19:17:46 -0800 (PST) (envelope-from iddwb@moroni.pp.asu.edu) Received: (from iddwb@localhost) by moroni.pp.asu.edu (8.11.6/8.11.6) id h0T3Hhi18215; Tue, 28 Jan 2003 20:17:43 -0700 Date: Tue, 28 Jan 2003 20:17:43 -0700 From: David Bear To: Lowell Gilbert Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Deleted files not releasing their space (was Re: syslog message wrt inodes) Message-ID: <20030128201743.C18067@asu.edu> Reply-To: David.Bear@asu.edu References: <20030128093720.A26639@asu.edu> <3E36E3AF.8030201@potentialtech.com> <44ptqgoidr.fsf@be-well.ilk.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <44ptqgoidr.fsf@be-well.ilk.org>; from freebsd-questions-local@be-well.no-ip.com on Tue, Jan 28, 2003 at 08:27:12PM -0500 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, Jan 28, 2003 at 08:27:12PM -0500, Lowell Gilbert wrote: > Bill Moran writes: > > Let's see if I remember the details on this. > > I believe this happens when a file is deleted, but another program still holds > > a filehandle? to it. Thus, if you delete Apache's log file (for example) but > Right. That's why newsyslog(8) can send a signal on rotating a log file. > I'm not quite sure why this is relevant to the actual problem, because > it's not really *that* many inodes involved in log files, but then > again I'm not sure I completely understand the problem anyway... > The problem is that I am running snort and its creating hundreds of entries in /var/log/snort -- one directory for each alert generated by an IP address. then specific info on that alert in a file under each directory. So -- aside from the standard log files, the will be a bazillion files and directories that snort will create.. I know one solution would be to create a separate file system for snort, then mount it at /var/log/snort --- that would likely be the safest. Then if it ever ran out of inodes, /var/log would still function. but then, this is an old box and I don't have another hard drive to throw in it... I think stopping and restarting snort did the trick though. -- David Bear College of Public Programs/ASU Mail Code 0803 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message