argus log rotation

Chas DiFatta chas at difatta.org
Fri Nov 29 20:48:42 EST 2002


Sorry, that should have read,

All you need to do is move the file that the daemon (argus)
is writing.

>-----Original Message-----
>From: owner-argus-info at lists.andrew.cmu.edu
>[mailto:owner-argus-info at lists.andrew.cmu.edu]On Behalf Of Chas DiFatta
>Sent: Friday, November 29, 2002 4:48 PM
>To: Chris Russel; argus-info at lists.andrew.cmu.edu
>Subject: RE: argus log rotation
>
>
>All you need to do is move the date file that the daemon (argus)
>is writing.  The argus detects the file does not exist after the
>move and creates a new one.
>
>	...cd
>
>>-----Original Message-----
>>From: owner-argus-info at lists.andrew.cmu.edu
>>[mailto:owner-argus-info at lists.andrew.cmu.edu]On Behalf Of Chris Russel
>>Sent: Thursday, November 28, 2002 8:37 AM
>>To: argus-info at lists.andrew.cmu.edu
>>Subject: argus log rotation
>>
>>
>>Silly question, considering I've been using argus for a couple years now -
>>what is the best way to rotate the argus log file?
>>
>>I have seen the FAQ and the CERT blurb and that method does not work for
>>me since argus does not open a new log file after the original is renamed
>>as the article implies.  Therefore I have to do a stop/start which is
>>cumbersome and loses some data.
>>
>>For other things, like syslog or apache, it is just a signal which tells
>>the app to reopen its log file(s).  So you move them first, then send the
>>signal and you're done with no data loss.  Can we get argus to do this?
>>
>>This also ties in with the remote data collection thread since I will have
>>the same problem with ra -S.
>>
>>--
>>Chris Russel    | Manager Information Security
>>russel at yorku.ca | York University, Toronto, Canada
>>
>
>
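The thread describes two outcomes after the output file is renamed: the writer notices and creates a new file, or it keeps the old descriptor open and never reopens. The following is an added example, not part of the original messages and not argus project code, that rotates by rename and then checks which outcome occurred. The function name, paths, timeout and return codes are all assumptions.

```shell
#!/bin/sh
# rotate_by_move FILE ARCHIVE_DIR [TIMEOUT_SECONDS]
# Hypothetical helper: FILE is whatever path the daemon was told to
# write to. Prints the archived path on stdout.
#   return 0: writer recreated FILE within the timeout
#   return 1: nothing was rotated (bad input or mv failed)
#   return 2: FILE was moved but never recreated, so the writer is
#             probably still appending to the archived copy
rotate_by_move() {
    file=$1
    archive_dir=$2
    timeout=${3:-10}

    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    mkdir -p "$archive_dir" || return 1

    dest="$archive_dir/$(basename "$file").$(date +%Y%m%d%H%M%S)"
    [ -e "$dest" ] && { echo "refusing to overwrite $dest" >&2; return 1; }

    # Keep ARCHIVE_DIR on the same filesystem as FILE: there mv is an
    # atomic rename. Across filesystems it becomes copy+delete and
    # records written during the copy can be lost.
    mv "$file" "$dest" || return 1

    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        if [ -e "$file" ]; then
            echo "$dest"
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done

    # Do not compress or delete $dest in this case: an open descriptor
    # follows the rename, so the archived file may still be growing.
    echo "$dest"
    return 2
}
```

A return of 2 on a host with live traffic matches the behaviour reported in the original question, and the archived file should be left alone until the writer has been restarted.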


