Log "tear-off" mechanism
Carter Bullard
carter at qosient.com
Tue Jun 17 09:04:25 EDT 2003
Hey John,
Argus calls stat() on the output filename before writing
any record. stat() will indicate if the file has been
renamed, and if it has, argus will recreate it, and write
an argus data file header into the file and then proceed
to write out the new record.
Because this is data driven, and argus could be idle for
quite a while, based on traffic on the wire/interface,
the upper bound on how long the file could be missing is
the ARGUS_MAR_STATUS_INTERVAL.
Carter
> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of
> John Hermes
> Sent: Tuesday, June 17, 2003 8:40 AM
> To: argus-info at lists.andrew.cmu.edu
> Subject: Log "tear-off" mechanism
>
>
> Howdy,
>
> I am hoping someone might be able to help me understand how
> Argus deals with having the open logfile pulled out from under
> the daemon (using the argusarchive script for example). If you
> could decribe it in terms of file descriptors and pointers,
> that would be most helpful. For instance, does Argus get
> an I/O error and create a new file in response? Why does the
> OS (Linux, FreeBSD, etc.) allow me to move an open file? Why
> can't I remember this stuff from college? :-)
>
> I have a watchdog daemon that I configured to stat the
> logfile on a continuous basis, and now I need to write a
> compatible monitor that won't mind that the file is missing
> for the few seconds before Argus creates a new logfile. Any
> info related to moving open files would be a great help!
>
> Thanks!
>
> --
> John Hermes
> Systems Engineer
> Infoglobe, Inc
> 937-225-9999 x317
> 937-226-1623 Fax
> jhermes at infoglobe.com
>
More information about the argus
mailing list