[ARGUS] log file roll-over

Peter Van Epp vanepp at sfu.ca
Wed Jun 23 15:17:00 EDT 2004 

	Looks to be a bad assumption on my part. In the distribution in 
the support/Archive there is a shell script called argusarchive. It is intended
to be run from cron and every hour (or less if necessary) renames the 
argus.out file (which causes argus to start writing a new log file) and then
compresses and stores the current argus.out file in a standard archive 
directory. The README file in the support directory will tell you about what
all the various things in there do.
	In order to swap logs on a size basis you would need to write a script
that checks the file size and when it is too big renames argus.out to 
something else to cause the logfile switch then compress and archive the 
data file as required.

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

On Wed, Jun 23, 2004 at 03:07:53PM -0400, John Nagro wrote:
> argus archieve? i'm not sure what you mean by that. and if i cycle out
> the old logs, thats not a roll-over? i need some explination
> 
> -John
> 
> On Wed, 23 Jun 2004 11:55:27 -0700, Peter Van Epp <vanepp at sfu.ca> wrote:
> > 
> >         Assuming you are rolling with argusarchive all you can currently do is
> > reduce the time between log rolls by changing the interval that it runs in
> > cron. It is a shell script so if you write something (a perl script?) that
> > stats the argus.out file and renames it when it gets to a certain size that
> > will do what you want (or someone may have already done it on the list here),
> > but argusarchive won't as it stands. As I recall Eric told me he was rolling
> > his logs every 10 minutes to keep the log volume reasonable (I'm rolling once
> > an hour without problem so far).
> > 
> > Peter Van Epp / Operations and Technical Support
> > Simon Fraser University, Burnaby, B.C. Canada
> > 
> > 
> > 
> > 
> > On Wed, Jun 23, 2004 at 02:35:27PM -0400, John Nagro wrote:
> > > is it possible to set argus to roll over the log file? ie not get
> > > larger than a give amount? (such as 128mb, 256mb, etc)
> > >
> > > We have a lot of traffic to monitor and logs get big very fast, and
> > > big means harder to process.
> > >
> > > -John Nagro
> >

More information about the argus mailing list