Reducing argus-2.x log files for archiving

Carter Bullard carter at qosient.com
Tue Jan 29 20:57:54 EST 2002


Hey Russell,
   The question is what do you want to preserve. 
Simple 1.8 info is pretty dense, and we can do a
bit better if we've already gone through aggregation.

   The easiest way to do this is to create a tool that
controls what TLVs to keep in a record.  That will get
you closer to 1.8, and then if needed we could create
some new ones that are still more dense.

   Is this reasonable?

Carter

Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York  10022

carter at qosient.com
Phone +1 212 588-9133
Fax   +1 212 588-9134
http://qosient.com

> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu 
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of 
> Russell Fulton
> Sent: Tuesday, January 29, 2002 8:46 PM
> To: 'Argus'
> Subject: Reducing argus-2.x log files for archiving
> 
> 
> Hi All,
> 	I am looking at ways of reducing storage requirements for long term
> archiving of argus logs.  I try and keep a couple of months' logs on disk
> with all the details then I would like to be able to strip out some of
> the more esoteric 'stuff' and commit them to off line storage. Something
> with the level of detail of 1.8 format would be great.
> 
> My argus 1.8 logs are about 80 - 100MB per day and the 2.0.x logs are
> between 500 and 800MB. (been through ragator | gzip -9).
> 
> At the moment I am using my 1.8 argus for long term archiving but I
> would like to shut that down now.
> 
> -- 
> Russell Fulton, Computer and Network Security Officer
> The University of Auckland,  New Zealand
> 
> 
> 


