On Sun, 7 Mar 2004, Payal Rathod wrote:

> file grew almost 1.8Gb and squid stopped. I still had a space of 10Gb on
> the file system where logs were dumped. Why did squid stop then?


Because your OS does not allow files larger than 2GB for "normal"
applications.

> Unfortunately, I could not do much so I immediately stopped squid,
> removed the access.log file after checking the culprit 5 IPs and deleted
> the file. Then the culprit machines were physically removed from the
> network and then squid was restarted. I rotate logs every day at morning
> 08.00 to have reports through calamaris. In such a situation, what is the
> best way to deal with it?


Apart from what you have already done:

* rotate the logs more often before the magic 2GB file size limit is
reached.

* write a little script monitoring access.log and when seeing suspicious
activity automatically add a firewall rule to block that IP from accessing
the proxy.

Regards
Henrik
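
A sketch of the monitoring script suggested above, added here as an example and not part of the original message. It assumes Squid's native access.log format (timestamp first, client address third), an iptables firewall, the default proxy port 3128, and made-up thresholds; the function names and the sample log are constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque

WINDOW_SECONDS = 60                   # assumed sliding window
MAX_REQUESTS = 100                    # assumed per-client limit inside the window
PROXY_PORT = 3128                     # Squid default; match your http_port
ROTATE_AT_BYTES = int(0.75 * 2**31)   # assumed trigger: 75% of the 2GB file limit

def client_of(line):
    """Return (timestamp, client_ip) from a native-format line, else None."""
    fields = line.split()
    try:
        # Only a syntactically valid IPv4 address may reach the firewall command.
        return float(fields[0]), str(ipaddress.IPv4Address(fields[2]))
    except (IndexError, ValueError):
        return None

def find_offenders(lines, window=WINDOW_SECONDS, limit=MAX_REQUESTS):
    """Clients that exceed `limit` requests within any `window` seconds."""
    recent, offenders = defaultdict(deque), []
    for line in lines:
        parsed = client_of(line)
        if parsed is None:
            continue
        ts, ip = parsed
        q = recent[ip]
        q.append(ts)
        while q[0] < ts - window:     # drop requests older than the window
            q.popleft()
        if len(q) > limit and ip not in offenders:
            offenders.append(ip)
    return offenders

def block_commands(ips, port=PROXY_PORT):
    """iptables argument lists (no shell involved) that drop proxy traffic."""
    return [["iptables", "-I", "INPUT", "-s", ip, "-p", "tcp",
             "--dport", str(port), "-j", "DROP"] for ip in ips]

def needs_rotation(size_bytes):
    """True once access.log is close enough to 2GB to rotate early."""
    return size_bytes >= ROTATE_AT_BYTES

def sample_log():
    """Constructed sample: one noisy client, one normal client, two junk lines."""
    base = 1078646400.0
    fmt = "{:.3f}     12 {} TCP_MISS/200 512 GET http://example.com/ - DIRECT/192.0.2.1 text/html"
    lines = [fmt.format(base + i * 0.1, "10.0.0.5") for i in range(150)]
    lines += [fmt.format(base + i * 10, "10.0.0.9") for i in range(5)]
    return lines + ["garbage line", fmt.format(base, "badhost.example")]
```

Run from cron as root, the argument lists can be passed to `subprocess.run(cmd, check=True)`, and `squid -k rotate` can be issued whenever `needs_rotation(os.path.getsize(path))` is true.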