On Wed, 2003-01-29 at 13:17, David Bear wrote:

> The problem is that I am running snort and it's creating hundreds of
> entries in /var/log/snort -- one directory for each alert generated by
> an IP address.  Then specific info on that alert in a file under each
> directory.  So -- aside from the standard log files, there will be a
> bazillion files and directories that snort will create.  I know one
> solution would be to create a separate file system for snort, then
> mount it at /var/log/snort --- that would likely be the safest.  Then
> if it ever ran out of inodes, /var/log would still function.  
> 
> 
> But then, this is an old box and I don't have another hard drive to
> throw in it...
> 
> I think stopping and restarting snort did the trick though.

You could also, rather than deleting the files, do something like this:

cat /dev/null > /var/log/snort/whatever.log

This will empty the file without the problem of losing the filehandle.
Seems to work in the majority of cases.


_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
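
The difference between deleting and truncating a log that a running process still holds open, as an added example that is not part of the original message. The temporary paths, the function names and the append-mode writer on descriptor 3 are assumptions made for the demonstration.

```sh
#!/bin/sh
# Constructed demo: a writer keeps a log open (fd 3, append mode, assumed
# here to mimic a logging daemon) while the file is deleted or truncated.

inode_of() { ls -i "$1" | awk '{print $1}'; }

# demo MODE, where MODE is "delete" or "truncate".
# Runs in a subshell so the open descriptor does not leak to the caller.
demo() (
    mode=$1
    dir=$(mktemp -d "${TMPDIR:-/tmp}/logdemo.XXXXXX") || exit 1
    log="$dir/whatever.log"

    exec 3>>"$log"              # writer opens the log once and keeps it open
    echo "alert 1" >&3
    before=$(inode_of "$log")

    case $mode in
        delete)
            rm "$log"           # name is gone; the writer's inode lives on
            : > "$log"          # a fresh, different file now owns the name
            ;;
        truncate)
            cat /dev/null > "$log"   # same inode, length reset to 0
            ;;
    esac

    echo "alert 2" >&3          # writer logs again on its old descriptor
    exec 3>&-

    after=$(inode_of "$log")
    bytes=$(wc -c < "$log" | tr -d ' ')
    rm -rf "$dir"

    [ "$before" = "$after" ] && inode=same || inode=different
    echo "$mode inode=$inode bytes_at_path=$bytes"
)

demo delete      # the second alert never shows up at the path
demo truncate    # the second alert lands in the emptied file
```

In the delete case the blocks of the unlinked file are also not released until the writer closes its descriptor, which is why restarting the daemon is what actually frees the space.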
