[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Deleted auth.log



fuser - identify processes using files or sockets.

debian:/var/log# fuser syslog
syslog:               3407
debian:/var/log# fuser -u syslog
syslog:               3407(root)

Em Sáb, 2005-12-03 às 09:50 +1100, Arafangion escreveu:
> On Sat, 3 Dec 2005 10:42 am, René Seindal wrote:
> > Roberto C. Sanchez wrote (03-12-2005 00:34):
> <snip>
> > > That is because, although auth.log is gone, any file descriptors that
> > > were open to it are still available.  Thus, until all the file
> > > descriptors have also been released, the file still "exists."  If you
> > > are not certain of which applications on your system normally write to
> > > auth.log, your best option may be a reboot.
> 
> 
> This leads to an interesting question - are there any tools that can reveal 
> "lost" files - those who no-longer have an entry in the fs, but are still 
> open?
> 
> I would imagine that certain sockets and temp files would fall in this 
> category.
> 
> 
-- 
Marcello Di Marino Azevedo
GNU/Linux Certified Professional - LPIC Level I - http://www.lpi.org/
Registered User #160052 - http://counter.li.org/
GPG Key (@ http://www.keyserver.net/) ID : 4957E13F

Attachment: signature.asc
Description: Esta =?ISO-8859-1?Q?=E9?= uma parte de mensagem assinada digitalmente


Reply to: