log file names w/timestamps and timezone (was "Re: Rotating Argus Logs")

Carter Bullard carter at qosient.com
Wed Dec 28 14:49:42 EST 2005 

Hey Dave,
Good to hear from you!!!   So using GMT as the time zone for
filenames has been successful at some sites, but localtime() has its
advantages, as its a little more human oriented.   In someways, it
really all depends on the query system that will use the data?
 From argus's perspective, its arbitrary, as the data is all UTC.

Carter


On Dec 28, 2005, at 2:02 PM, Dave Plonka wrote:

> On Wed, Dec 28, 2005 at 11:05:43AM -0600, eric wrote:
>> On Wed, 2005-12-28 at 10:59:14 -0600, Dave Plonka proclaimed...
>>
>>> (GNU date supports %z to yield the timezone as hours east of GMT.)
>>
>> Just to confirm, date(1) on OpenBSD does as well using the "%z"  
>> attribute.
>
> Cool.  I know some platforms have an strftime(3) that doesn't grok %z,
> like SVR4/Solaris 2.6...
>
>> By the way, thanks for the point made Dave. I've always been  
>> "lucky" enough
>> to not have issues with DST, but plan to modify some of my  
>> configurations in
>> a way you mentioned.
>
> Years ago I initially overlooked the DST issue, so an hour gap would
> have appeared in my flow-based traffic graphs on the fall  
> transition day.
> ... Happy to let you know how I learned from my mistakes ;^)
>
> BTW, a different technique to get the file to sort correctly by
> timestamp and collating sequence is to embed a fixed-width UTC
> timestamp in the file name before the localtime one.
>
> For brevity, one could insert the time_t value in hex:
>
>    $ perl -MPOSIX -e '$time = time;
>                       printf("argus.0x%08.8X_%s\n",
> 	                     $time,
> 	                     strftime("%Y%m%d_%H:%M:%S", localtime($time)))'
>    argus.0x43B2E125_20051228_13:01:57
>    $
>
> Of course the downside of this hack is that it assumes 32-bit time_t
> and you'll have those extra ugly digits in each filename, but since
> those values should be monotonically, it will cause ls(1) and globbing
> routines to sort the filenames in time order regardless of the  
> locale's
> DST.
>
> The upside is you don't need any special sorting tools...
>
> Dave
>
> -- 
> plonka at doit.wisc.edu  http://net.doit.wisc.edu/~plonka  ARS:N9HZF   
> Madison, WI
>

More information about the argus mailing list