rolling argus logs...
Russell Fulton
r.fulton at auckland.ac.nz
Sun Aug 6 20:30:31 EDT 2000
On Fri, 4 Aug 2000 16:03:41 -0700 (PDT) Peter Van Epp <vanepp at sfu.ca>
wrote:
> >
> > Wow, a lot of work today ;o)
> > I will look into all of this over the weekend and see what
> > the best approach will be.
> >
> > One thing, David. You don't have to kill argus to get the
> > output file. All you have to do is rename the file and
> > argus recreates the original file and keeps going.
> >
>
> I didn't know that! All this time I've been killing argus and and
> restarting it. Isn't the file busy (and thus argus keeps writing to the
> now nameless inode)? I'll have to try it out on a test copy and see what
> happens because that would simplify life (to say nothing of stopping losing
> packets while switching log files)!
Argus closes and reopens the file between writes, as does ra and
friends (I think? confirmation Carter?).
My hourly script simply mv's the file and runs
raconnections -w - | gzip -9.
Hmmm.... I tell a lie ;-) I nolonger run raconnections -- the
performance of our Internet feed jumped by about 25% a month back and
raconnections started running out of memory :-(
Currently I am not 'centrally' managing my argus servers but that is
about to change. I am considering using scp (with RSA authentication)
to move the files from the monitor up to central control as part of
the hourly job. It gets a bit messy because I don't want the monitors
to 'trust' the central box.
Like David if other have good ways to manage this then I would be
interested in hearing about it.
Cheers, Russell.
More information about the argus
mailing list