Re: [Snort-users] Free Inodes

From: Matt Kettler (mkettlerevi-inc.com)
Date: Wed Jun 08 2005 - 10:56:45 CDT


Dan Mahoney, System Admin wrote:
> On Wed, 8 Jun 2005, Jason wrote:
>
>>
>>
>> Dan Mahoney, System Admin wrote:
>>
>>> I know the whole "I'm running out of inodes" thing is in the FAQ.
>>>
>>> What I don't understand is why a potentially large directory is put
>>> in what is one of the typically smallest directories.
>>
>>
>> I'm confused by this statement. Why wouldn't the logs be placed under
>> /var/log?
>
>
> Just to clarify, because under most systems with a separate /var
> partition (the BSD default install included), this directory is on the
> smaller side, and has an inode count to match.
>

And IMHO, such setups make for good workstations, are tolerable as servers, but
make really lousy firewalls, mailservers, or IDS boxes. (I usually find that I
want a bit more /var/log space on my servers than default setups do)

The default partition setup in most OS distributions tries to split a balance,
but it's not appropriate for all situations. Most of these default setups have
large /home and /usr partitions too. That's fine for a multi-user personal
webpage server or workstation, but is useless on a dedicated DNS server.

When setting up a box, treat the default partitions as a baseline, but consider
the usage of the box.

Is the box going to have local users? If not, drop the size of /home (unless
your chroot jails live there).

Is the box going to run a busy server that will log a lot? If so, increase /var.

Is it going to be a mailserver (smtp and pop/imap)? If so, increase /var
significantly for spool and mqueue space.

Is it going to have a lot of applications installed (i.e. a workstation)? If so,
increase /usr. If it's going to be a dedicated box you can probably cut back
/usr a bit from the default, but keep it reasonably large.

As an example, look at this mail/dns server. It's a no-logins box (other than
sysadmins) so /var is twice the size of /home:

Filesystem   1K-blocks     Used Available Use% Mounted on
/dev/sda6      7060276  1155440   5546188  18% /
/dev/sda1       101089    13293     82577  14% /boot
/dev/sda5      5036284    50452   4730000   2% /var/chroot
/dev/sda7      4538124   338744   3968852   8% /home
/dev/sda8      1510032    32892   1400432   3% /tmp
/dev/sda2     10080520  1361044   8207408  15% /usr
/dev/sda3      9068648   489652   8118336   6% /var

And note that the use percentages here are fairly even. A default install would
have a really small /var, maybe 1gb, and it would be 50% used. /home would be
10gb, and about 4% used. Clearly that space allocation would not be well suited
to what the box is used for.

Is that my MTA's fault? No. Mail spools belong in /var and take up a lot of
space. Partition appropriately.
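The thread's point is that a /var partition can look healthy by block usage and still be out of inodes once a logger writes many tiny files. The following POSIX sh script is an added example (not from the thread or from Snort) that parses `df -P` and `df -iP` style tables and flags any mount point over a threshold on either resource; the two tables it ships with are constructed samples.

```shell
#!/bin/sh
# Added example: flag filesystems whose block OR inode usage exceeds a threshold.
# Parses POSIX `df -P` output, so the same parser serves `df -P` and `df -iP`
# on Linux and the BSDs. Both sample tables below are constructed, not real.

# Constructed sample of `df -P` output: /var is only half full by blocks.
SAMPLE_BLOCKS='Filesystem 1024-blocks Used Available Capacity Mounted on
/dev/sda3 1048576 524288 524288 50% /var
/dev/sda7 10485760 419430 10066330 4% /home
/dev/sda6 7060276 1155440 5546188 18% /'

# Constructed sample of `df -iP` output: the same /var is almost out of
# inodes, the failure mode the FAQ entry on "running out of inodes" describes.
SAMPLE_INODES='Filesystem Inodes IUsed IFree IUse% Mounted on
/dev/sda3 131072 127401 3671 98% /var
/dev/sda7 1310720 52428 1258292 4% /home
/dev/sda6 917504 73400 844104 8% /'

# flag_over LABEL THRESHOLD TABLE
# Prints "LABEL MOUNT PCT%" for every data row (header skipped) whose
# percentage column exceeds THRESHOLD. Column 5 is the percentage and
# column 6 the mount point in both the block and the inode table.
flag_over() {
    label=$1 threshold=$2
    printf '%s\n' "$3" | awk -v lbl="$label" -v th="$threshold" '
        NR > 1 {
            pct = $5; sub(/%/, "", pct)
            if (pct + 0 > th + 0) print lbl, $6, pct "%"
        }'
}

# check_fs THRESHOLD BLOCKS_TABLE INODES_TABLE
# A partition is reported if either blocks or inodes are scarce; checking
# only `df` would have missed /var here.
check_fs() {
    flag_over blocks "$1" "$2"
    flag_over inodes "$1" "$3"
}

# Stand-alone run against the constructed samples. On a live box pass
# "$(df -P)" and "$(df -iP)" instead of the sample tables.
check_fs 90 "$SAMPLE_BLOCKS" "$SAMPLE_INODES"
```

Run from cron and mail the output to the sysadmin alias, and a quietly filling /var shows up before Snort stops writing alerts.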

_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users