Hi Andreas, > > > Well, if this is a publicly available system, there is always the > > > chance that your server has been compromised and is hosting warez or > > > other junk. > > > > But even then, the bytes would have to be somewhere in use, right? > > Not if the tools themselves are compromised. Unlikely, though not impossible. The system is running a intrusion detection system and is using remote logging. > It may also have been unlinked files in a directory that was deleted. > If it happens again, you can try stopping the services one at a time > to see which one is causing the problem, to help trace it down. That IS the reason, and I found the cause: There was a nohup job writing to nohup.out, which was deleted every 30 minutes by a cronjob instead of truncated. These dead nohup.outs were not reported by lsof, and of cause not linked in the file system anymore, but yet using up space. Isn't the last point a bug? Thank you all for your quick help! Michael -- Hostsharing eG / Boytinstr. 10 / D-22143 Hamburg phone+fax:+49/700/HOSTSHAR(ing) (= +49/700/46787427) http://www.hostsharing.net: host, where YOU make the difference
