Re: Ext3 File System "Too many files" with snort

From: jmerkey
Date: Fri Jul 09 2004 - 13:54:07 EST

Next message: Andrew Morton: "Re: 2.6.7-mm7"
Previous message: Pavel Roskin: "[PATCH] Updated pci-skeleton.c"
In reply to: Andreas Dilger: "Re: Ext3 File System "Too many files" with snort"
Next in thread: jmerkey: "Re: Ext3 File System "Too many files" with snort"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> >Andi,
> >
> >Sounds like this is correct. I will look at statfs(). I am very familiar
> >with this section of linux
> >with the VFS. We should make this value 32 bit. One solution would be to
> >instrument a
> >versioning field in the superblock so we can write the smarts into
> ext3/2/reiser
> >to handle
> >different on-disk structures. when a supoerblock gets read, it could detect
> >waht type of
> >on disk structures are instrumented.
> >
> >
> Just use reiser4 which has disk format plugins. reiserfs v3 should stay
> stable and undisturbed.
>

I was actually looking through your code when this message arrived. I am sending out
another unit Monday to the site installed with reiser and Suse Linux, Might I suggest
perhaps you consider making the change in reiser for the larger field size to 32 bit (I
am looking at the code at present, and it appears you are using the same inode
structure as everyone else) and I will default these systems to reiser instead of EXT3
for this application. There's another FS (not NWFS) that actually writes the captured
network traffic streaming to the system at over 400 MB/S which folks haven't seen
yet, it acts more like on on-disk LRU with huge cache units (137 MB each)
but snort and the network forensic applications use a standard file system for
reporting. Reiser is a good choice if this limitation can be removed.

Veil Erfolg and Gluck.

Danke,

Jeff

Bitte

> >Jeff
> >
> >
> >>-Andi
> >>
> >>
> >>
> >-
> >To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> >the body of a message to majordomo@xxxxxxxxxxxxxxx
> >More majordomo info at http://vger.kernel.org/majordomo-info.html
> >Please read the FAQ at http://www.tux.org/lkml/
> >
> >
> >
> >
>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrew Morton: "Re: 2.6.7-mm7"
Previous message: Pavel Roskin: "[PATCH] Updated pci-skeleton.c"
In reply to: Andreas Dilger: "Re: Ext3 File System "Too many files" with snort"
Next in thread: jmerkey: "Re: Ext3 File System "Too many files" with snort"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]