03-11-2011
16,
1
Join Date: Feb 2011
Last Activity: 11 March 2011, 12:30 PM EST
Location: Saint Louis
Posts: 16
Thanks Given: 6
Thanked 1 Time in 1 Post
tcpdump - stealing storage
Hello,
I hope someone can explain something to me just so I can understand why this took place:
We have Avaya telephony servers that are running RHEL 5 on them. A week ago, callers were dialing into the server and could not hear a ".wav" file that was supposed to be played in an AVP IVR. Not real important.
Come to find out, the / mount was out of storage. The strange thing was nothing really was adding up. I performed the df and du commands. I also performed the find command with the size flags to see if there were some large log files . . . nothing really showed up that was large. The / mount btw was 20 Gigs.
While doing a ps aux command I saw some tcpdumps taking place (over a year ago). It was piping the output to the tmp directory. I looked and these traces were NOT in the tmp directory.
Once I killed the processes, the storage came back!!!!
I just was hoping that someone could tell me where these files were at because I sure didn't see them. I can only assume that the trace was taking place, then an admin forgot to kill them. Then maybe some /tmp cleanup job removed the files but had I not performed the ps aux command I would have never known about this.
I understand that a reboot would have absolutely fixed this problem, but I hate to reboot unless absolutely necessary.
Thanks for sheding light on this. Linux is a learning experience for me every day and I always learn something valuable from these forums!
Tim.