On Sun, 7 Mar 2004, Payal Rathod wrote:
> file grew almost 1.8Gb and squid stopped. I still had a space of 10Gb on
> the file system where logs were dumped. Why did squid stop then?
Because your OS does not allow files larger than 2GB for "normal"
applications.
> Unfortunately, I could not do much so I immediately stopped squid,
> removed the access.log file after checking the culprit 5 IPs and deleted
> the file. Then the culprit machines were physically removed from the
> network and then squid was restarted. I rotate logs every day at morning
> 08.00 to have reports through calamaris. In such a situation, what is the
> best way to deal with it?
Apart from what you have already done:
* rotate the logs more often before the magic 2GB file size limit is
reached.
* write a little script monitoring access.log and when seeing suspicious
activity automatically add a firewall rule to block that IP from accessing
the proxy.
Regards
Henrik
Received on Sun Mar 07 2004 - 10:53:40 MST
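
The monitoring script suggested in the reply, sketched as an added example (not part of the original message and not Squid project code). It assumes "suspicious activity" means one client exceeding a request rate; the window, the limit, the iptables firewall and proxy port 3128 are assumptions, and the log lines are constructed samples in Squid's native access.log format.

```python
import ipaddress
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # assumption: sliding window length
MAX_REQUESTS = 5      # assumption: tiny limit to suit the sample; tune for real traffic
PROXY_PORT = "3128"   # assumption: Squid listening on its default http_port

# Constructed sample: one noisy client, one normal client, one malformed line.
SAMPLE_LOG = [
    f"{1078678400 + i * 0.5:.3f}     35 192.0.2.66 TCP_MISS/200 812 "
    f"GET http://example.com/{i} - DIRECT/203.0.113.5 text/html"
    for i in range(8)
] + [
    "1078678401.000    120 192.0.2.10 TCP_MISS/200 1530 GET http://example.com/ - DIRECT/203.0.113.5 text/html",
    "1078678402.000     90 192.0.2.10 TCP_HIT/200 1530 GET http://example.com/ - NONE/- text/html",
    "truncated line",
]

def parse_line(line):
    """Return (timestamp, client_ip), or None if the line is malformed."""
    fields = line.split()
    if len(fields) < 3:
        return None
    try:
        # Validating the address keeps arbitrary log text out of firewall rules.
        return float(fields[0]), str(ipaddress.ip_address(fields[2]))
    except ValueError:
        return None

def find_offenders(lines, window=WINDOW_SECONDS, limit=MAX_REQUESTS):
    """Return clients with more than `limit` requests inside any `window` seconds."""
    recent = defaultdict(deque)   # client IP -> timestamps still inside the window
    offenders = []
    for parsed in map(parse_line, lines):
        if parsed is None:
            continue
        ts, ip = parsed
        stamps = recent[ip]
        stamps.append(ts)
        while ts - stamps[0] > window:   # drop requests older than the window
            stamps.popleft()
        if len(stamps) > limit and ip not in offenders:
            offenders.append(ip)
    return offenders

def block_command(ip):
    """Build the iptables argv (a list, never a shell string) that drops proxy traffic from ip."""
    return ["iptables", "-I", "INPUT", "-s", ip, "-p", "tcp", "--dport", PROXY_PORT, "-j", "DROP"]

if __name__ == "__main__":
    for offender in find_offenders(SAMPLE_LOG):
        print(" ".join(block_command(offender)))   # dry run: print the rule, do not apply it
```

To act on a live log, feed the function lines read from access.log and pass each returned list to `subprocess.run` as root, keeping a record of inserted rules so they can be removed later.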