log file names w/timestamps and timezone (was "Re: Rotating Argus Logs")
Dave Plonka
plonka at doit.wisc.edu
Wed Dec 28 14:02:49 EST 2005
On Wed, Dec 28, 2005 at 11:05:43AM -0600, eric wrote:
> On Wed, 2005-12-28 at 10:59:14 -0600, Dave Plonka proclaimed...
>
> > (GNU date supports %z to yield the timezone as hours east of GMT.)
>
> Just to confirm, date(1) on OpenBSD does as well using the "%z" attribute.
Cool. I know some platforms have an strftime(3) that doesn't grok %z,
like SVR4/Solaris 2.6...
> By the way, thanks for the point made Dave. I've always been "lucky" enough
> to not have issues with DST, but plan to modify some of my configurations in
> a way you mentioned.
Years ago I initially overlooked the DST issue, so an hour gap would
have appeared in my flow-based traffic graphs on the fall transition day.
... Happy to let you know how I learned from my mistakes ;^)
BTW, a different technique to get the file to sort correctly by
timestamp and collating sequence is to embed a fixed-width UTC
timestamp in the file name before the localtime one.
For brevity, one could insert the time_t value in hex:
$ perl -MPOSIX -e '$time = time;
printf("argus.0x%08.8X_%s\n",
$time,
strftime("%Y%m%d_%H:%M:%S", localtime($time)))'
argus.0x43B2E125_20051228_13:01:57
$
Of course the downside of this hack is that it assumes 32-bit time_t
and you'll have those extra ugly digits in each filename, but since
those values should be monotonically, it will cause ls(1) and globbing
routines to sort the filenames in time order regardless of the locale's
DST.
The upside is you don't need any special sorting tools...
Dave
--
plonka at doit.wisc.edu http://net.doit.wisc.edu/~plonka ARS:N9HZF Madison, WI
More information about the argus
mailing list