From owner-freebsd-questions  Tue Jan 28 19:22:12 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0BF7B37B401
	for <freebsd-questions@FreeBSD.ORG>; Tue, 28 Jan 2003 19:22:11 -0800 (PST)
Received: from mail.au.darkbluesea.com (mail.au.darkbluesea.com [203.185.208.1])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 80A6643FB1
	for <freebsd-questions@FreeBSD.ORG>; Tue, 28 Jan 2003 19:22:08 -0800 (PST)
	(envelope-from d.anker@au.darkbluesea.com)
Received: (qmail 55921 invoked by uid 82); 29 Jan 2003 03:17:11 -0000
Received: from unknown (HELO ?10.0.0.188?) (10.0.0.188)
  by mail.au.darkbluesea.com with SMTP; 29 Jan 2003 03:17:11 -0000
Subject: Re: Deleted files not releasing their space (was Re: syslog
	message wrt inodes)
From: Duncan Anker <d.anker@au.darkbluesea.com>
To: David.Bear@asu.edu
Cc: freebsd-questions@FreeBSD.ORG
In-Reply-To: <20030128201743.C18067@asu.edu>
References: <20030128093720.A26639@asu.edu>
	 <3E36E3AF.8030201@potentialtech.com> <44ptqgoidr.fsf@be-well.ilk.org>
	 <20030128201743.C18067@asu.edu>
Content-Type: text/plain
Organization: 
Message-Id: <1043810544.4035.196.camel@duncan.au.darkbluesea.com>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.2.0 
Date: 29 Jan 2003 13:22:24 +1000
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Wed, 2003-01-29 at 13:17, David Bear wrote:

> The problem is that I am running snort and its creating hundreds of
> entries in /var/log/snort -- one directory for each alert generated by
> an IP address.  then specific info on that alert in a file under each
> directory.  So -- aside from the standard log files, the will be a
> bazillion files and directories that snort will create.. I know one
> solution would be to create a separate file system for snort, then
> mount it at /var/log/snort --- that would likely be the safest.  Then
> if it ever ran out of inodes, /var/log would still function.  
> 
> 
> but then, this is an old box and I don't have another hard drive to
> throw in it...
> 
> I think stopping and restarting snort did the trick though.

You could also, rather than deleting the files, do something like this:

cat /dev/null > /var/log/snort/whatever.log

This will empty the file without the problem of losing the filehandle.
Seems to work in the majority of cases.

> 
> 
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message