[ARGUS] log file roll-over

eric eric at catastrophe.net
Wed Jun 30 04:21:44 EDT 2004


On Wed, 2004-06-23 at 11:55:27 -0700, Peter Van Epp proclaimed...

> 	Assuming you are rolling with argusarchive all you can currently do is
> reduce the time between log rolls by changing the interval that it runs in 
> cron. It is a shell script so if you write something (a perl script?) that
> stats the argus.out file and renames it when it gets to a certain size that
> will do what you want (or someone may have already done it on the list here),
> but argusarchive won't as it stands. As I recall Eric told me he was rolling
> his logs every 10 minutes to keep the log volume reasonable (I'm rolling once
> an hour without problem so far).

Actually, now we're rolling every two minutes and unfortunately
still running out of memory when doing the rasort that happens in
the argusarchive script. What I've noticed is that it will take
about two times the amount of memory to go through your logfile. So
if you have a 1GB logfile, make sure you have AT LEAST 2GB available
for rasort (not to mention more handy for the kernel, etc).

Hopefully we'll be getting our new hardware up soon which will give
us quite a bit more memory as writing to large amounts of swap is
slow.



More information about the argus mailing list