Hello,

I'm using a customized version of the latest Oxygen release with kernel
2.4.5 and the grsecurity patch from getrewted. I am using smbmount to
remotely mount an SMB share to log snort logs to. The problem is that the
ram disk that holds /var/log is filling up not with files but with, from
what I can tell, nothing. My logs are usually around 500KB to 1MB, and I
have 8 megabytes set aside for /var/log. Within a few weeks though, it shows
that all 8 MB are used and stops logging, of course. A ds clearly shows that
only 500KB or so are actually in use. When I move the log files off, it
still shows that 7.5MB are in use; unmounting and remounting the ram disk
doesn't fix it. I have to rerun mkram to create a new ram disk in order to
take care of the problem.

The only odd thing I'm doing, and I'm pretty sure it is related to this, is
using smbmount. My smbmounted partition lives at /var/log/snort. Here is the
output of my 'clean' df:

/dev/ram0                32418     14882     17536  46% /
/dev/ram2                 4049       209      3840   5% /tmp
/dev/boot                31202     13028     18174  42% /mnt/boot
/dev/ram3                16208        10     16198   0% /var/sh-www/snort
/dev/fd0u1440             1423       551       872  39% /mnt/floppy
/dev/ram1                 8102       440      7662   5% /var/log
//dnsfs/firewall       8899584   7005440   1894144  79% /var/log/snort

And here is the output from minutes before of the 'dirty' df:

/dev/ram0                32418     14881     17537  46% /
/dev/ram2                 4049       207      3842   5% /tmp
/dev/ram1                 8102      8102         0 100% /var/log
//dnsfs/firewall       8899584   7005440   1894144  79% /var/log/snort
/dev/boot                31202     13028     18174  42% /mnt/boot
/dev/ram3                16208        10     16198   0% /var/sh-www/snort
/dev/fd0u1440             1423       551       872  39% /mnt/floppy

No files were changed between these two snapshots; I simply recreated
/dev/ram1 and moved all the log files back, and restarted sysklogd
afterwards.


Does anyone have any idea why this is happening?

Andrew Hoying



_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
