argus log rotation
Chas DiFatta
chas at difatta.org
Fri Nov 29 19:48:22 EST 2002
All you need to do is move the date file that the deamon (argus)
is writing. The argus detects the file does not exist after the
move and creates a new one.
...cd
>-----Original Message-----
>From: owner-argus-info at lists.andrew.cmu.edu
>[mailto:owner-argus-info at lists.andrew.cmu.edu]On Behalf Of Chris Russel
>Sent: Thursday, November 28, 2002 8:37 AM
>To: argus-info at lists.andrew.cmu.edu
>Subject: argus log rotation
>
>
>Silly question, considering I've been using argus for a couple years now -
>what is the best way to rotate the argus log file?
>
>I have seen the FAQ and the CERT blurb and that method does not work for
>me since argus does not open a new log file after the original is renamed
>as the article implies. Therefore I have to do a stop/start which is
>cumbersome and loses some data.
>
>For other things, like syslog or apache, it is just a signal which tells
>the app to reopen its log file(s). So you move them first, then send the
>signal and you're done with no data loss. Can we get argus to do this?
>
>This also ties in with the remote data collection thread since I will have
>the same problem with ra -S.
>
>--
>Chris Russel | Manager Information Security
>russel at yorku.ca | York University, Toronto, Canada
>
>
>
>
>
>
>
More information about the argus
mailing list