On Tue, Jan 28, 2003 at 08:27:12PM -0500, Lowell Gilbert wrote: > Bill Moran <[EMAIL PROTECTED]> writes: > > Let's see if I remember the details on this. > > I believe this happens when a file is deleted, but another program still holds > > a filehandle? to it. Thus, if you delete Apache's log file (for example) but > Right. That's why newsyslog(8) can send a signal on rotating a log file. > I'm not quite sure why this is relevant to the actual problem, because > it's not really *that* many inodes involved in log files, but then > again I'm not sure I completely understand the problem anyway... >
The problem is that I am running snort and its creating hundreds of entries in /var/log/snort -- one directory for each alert generated by an IP address. then specific info on that alert in a file under each directory. So -- aside from the standard log files, the will be a bazillion files and directories that snort will create.. I know one solution would be to create a separate file system for snort, then mount it at /var/log/snort --- that would likely be the safest. Then if it ever ran out of inodes, /var/log would still function. but then, this is an old box and I don't have another hard drive to throw in it... I think stopping and restarting snort did the trick though. -- David Bear College of Public Programs/ASU Mail Code 0803 To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
