[ARGUS] log file roll-over

John Nagro john.nagro at gmail.com
Wed Jun 23 15:42:36 EDT 2004 

Ah yes, thank you, for some reason the debian package you get from apt
doesnt install that part. But this still isnt roll-over, this simple
swaps out the file once its reached a certain size. How does this
effect my ability to analyze data? for example i run the server
software on a system, and i intend on connecting to it using the
client software (-S <computer> option in most tools). If cron has
*just* swapped out the file, what sort of data will i get? none?

-John

On Wed, 23 Jun 2004 12:17:00 -0700, Peter Van Epp <vanepp at sfu.ca> wrote:
> 
>         Looks to be a bad assumption on my part. In the distribution in
> the support/Archive there is a shell script called argusarchive. It is intended
> to be run from cron and every hour (or less if necessary) renames the
> argus.out file (which causes argus to start writing a new log file) and then
> compresses and stores the current argus.out file in a standard archive
> directory. The README file in the support directory will tell you about what
> all the various things in there do.
>         In order to swap logs on a size basis you would need to write a script
> that checks the file size and when it is too big renames argus.out to
> something else to cause the logfile switch then compress and archive the
> data file as required.
> 
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
> 
> 
> 
> On Wed, Jun 23, 2004 at 03:07:53PM -0400, John Nagro wrote:
> > argus archieve? i'm not sure what you mean by that. and if i cycle out
> > the old logs, thats not a roll-over? i need some explination
> >
> > -John
> >
> > On Wed, 23 Jun 2004 11:55:27 -0700, Peter Van Epp <vanepp at sfu.ca> wrote:
> > >
> > >         Assuming you are rolling with argusarchive all you can currently do is
> > > reduce the time between log rolls by changing the interval that it runs in
> > > cron. It is a shell script so if you write something (a perl script?) that
> > > stats the argus.out file and renames it when it gets to a certain size that
> > > will do what you want (or someone may have already done it on the list here),
> > > but argusarchive won't as it stands. As I recall Eric told me he was rolling
> > > his logs every 10 minutes to keep the log volume reasonable (I'm rolling once
> > > an hour without problem so far).
> > >
> > > Peter Van Epp / Operations and Technical Support
> > > Simon Fraser University, Burnaby, B.C. Canada
> > >
> > >
> > >
> > >
> > > On Wed, Jun 23, 2004 at 02:35:27PM -0400, John Nagro wrote:
> > > > is it possible to set argus to roll over the log file? ie not get
> > > > larger than a give amount? (such as 128mb, 256mb, etc)
> > > >
> > > > We have a lot of traffic to monitor and logs get big very fast, and
> > > > big means harder to process.
> > > >
> > > > -John Nagro
> > >
>

More information about the argus mailing list