argus log rotation
Chris Russel
russel at yorku.ca
Thu Nov 28 11:37:26 EST 2002
Silly question, considering I've been using argus for a couple years now -
what is the best way to rotate the argus log file?
I have seen the FAQ and the CERT blurb and that method does not work for
me since argus does not open a new log file after the original is renamed
as the article implies. Therefore I have to do a stop/start which is
cumbersome and loses some data.
For other things, like syslog or apache, it is just a signal which tells
the app to reopen its log file(s). So you move them first, then send the
signal and you're done with no data loss. Can we get argus to do this?
This also ties in with the remote data collection thread since I will have
the same problem with ra -S.
--
Chris Russel | Manager Information Security
russel at yorku.ca | York University, Toronto, Canada
More information about the argus
mailing list