From owner-freebsd-questions@FreeBSD.ORG Fri Sep 24 15:52:49 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5A3F116A4D2 for ; Fri, 24 Sep 2004 15:52:46 +0000 (GMT) Received: from post5.inre.asu.edu (post5.inre.asu.edu [129.219.110.120]) by mx1.FreeBSD.org (Postfix) with ESMTP id 24FFD43D46 for ; Fri, 24 Sep 2004 15:52:46 +0000 (GMT) (envelope-from David.Bear@asu.edu) Received: from conversion.post5.inre.asu.edu by asu.edu (PMDF V6.1-1X6 #30769) id <0I4J00B01YL7SO@asu.edu> for freebsd-questions@FreeBSD.ORG; Fri, 24 Sep 2004 08:48:43 -0700 (MST) Received: from smtp.asu.edu (smtp.asu.edu [129.219.110.107]) <0I4J00BEEYL6GB@asu.edu>; Fri, 24 Sep 2004 08:48:42 -0700 (MST) Received: from moroni.pp.asu.edu (moroni.pp.asu.edu [129.219.69.200]) (8.12.10/8.12.10/asu_smtp_relay,nullclient,tcp_wrapped) with ESMTP id i8OFmf71015370; Fri, 24 Sep 2004 08:48:41 -0700 (MST) Received: by moroni.pp.asu.edu (Postfix, from userid 500) id 5688CF2C; Fri, 24 Sep 2004 08:47:54 -0700 (MST) Received: from post1.inre.asu.edu (post1.inre.asu.edu [129.219.110.72]) by moroni.pp.asu.edu (8.11.6/8.11.6) with ESMTP id h0T3M5k18259 for ; Tue, 28 Jan 2003 20:22:09 -0700 Received: from conversion.post1.inre.asu.edu by asu.edu (PMDF V6.1 #40110) id <0H9G00I01HCTP1@asu.edu> for iddwb@moroni.pp.asu.edu (ORCPT David.Bear@asu.edu); Tue, 28 Jan 2003 20:22:05 -0700 (MST) Received: from mail.au.darkbluesea.com (mail.au.darkbluesea.com [203.185.208.1]) by asu.edu (PMDF V6.1 #40110) with ESMTP id <0H9G00G5IHCMUL@asu.edu> for iddwb@moroni.pp.asu.edu (ORCPT David.Bear@asu.edu); Tue, 28 Jan 2003 20:22:05 -0700 (MST) Received: (qmail 55921 invoked by uid 82); Wed, 29 Jan 2003 03:17:11 +0000 Received: from unknown (HELO ?10.0.0.188?) (10.0.0.188) by mail.au.darkbluesea.com with SMTP; Wed, 29 Jan 2003 03:17:11 +0000 From: Duncan Anker In-reply-to: <20030128201743.C18067@asu.edu> To: dwbear75@gmail.com Message-id: <1043810544.4035.196.camel@duncan.au.darkbluesea.com> Organization: MIME-version: 1.0 X-Mailer: Ximian Evolution 1.2.0 Content-type: text/plain Content-transfer-encoding: 7bit Old-To: David.Bear@asu.edu Lines: 27 References: <20030128093720.A26639@asu.edu> <3E36E3AF.8030201@potentialtech.com> <44ptqgoidr.fsf@be-well.ilk.org> <20030128201743.C18067@asu.edu> cc: freebsd-questions@FreeBSD.ORG Subject: Re: Deleted files not releasing their space (was Re: syslog message wrt inodes) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Date: Fri, 24 Sep 2004 15:52:49 -0000 X-Original-Date: Wed, 29 Jan 2003 13:22:24 +1000 X-List-Received-Date: Fri, 24 Sep 2004 15:52:49 -0000 On Wed, 2003-01-29 at 13:17, David Bear wrote: > The problem is that I am running snort and its creating hundreds of > entries in /var/log/snort -- one directory for each alert generated by > an IP address. then specific info on that alert in a file under each > directory. So -- aside from the standard log files, the will be a > bazillion files and directories that snort will create.. I know one > solution would be to create a separate file system for snort, then > mount it at /var/log/snort --- that would likely be the safest. Then > if it ever ran out of inodes, /var/log would still function. > > > but then, this is an old box and I don't have another hard drive to > throw in it... > > I think stopping and restarting snort did the trick though. You could also, rather than deleting the files, do something like this: cat /dev/null > /var/log/snort/whatever.log This will empty the file without the problem of losing the filehandle. Seems to work in the majority of cases. > > >