argusarchive 101

[carter at qosient.com]

While we provide some tools, most people have done whatever they wanted, so you won't find  much dialog.  The tool of choice for argus-3.0 will be rastream() and I haven't finished the man page.  Until then, you should consider using rasplit() to generate your archive.

I don't suggest that argus write directly to a file any longer, especially for very fast stuff.  We use clients like radium() and rasplit() to handle data from the probes.

Rastream() is raspilt() with the ability to sort output records and then run scripts against files, as they are closed.

For most people, even hourly files generate difficult file sizes, so I recommend 5 minute files, as a rule of thumb.  Try this command:

   rasplit -S server -M time 5m -w archive/\$srcid/%Y/%m/%d/argus.%Y.%m.%d.%H.%M.%S

This will write records out into a year/month/day file system with 5 minute files, where no ecord over laps the 5 minute boundaires.  Organized by argus srcid (this is why argus source ids should to be unique).

The "$srcid" will use the srcid field in the record.  You can use any printable field this way.  The "$" may need to escaped, depending on your shell, that's why I have a '\' in the example.

Rasplit does have a manpage.

Carter Bullard
QoSient LLC
150 E. 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax

-----Original Message-----
From: Robert Leyba <r_leyba14 at yahoo.com>

Date: Mon, 4 Jun 2007 07:00:12 
To:argus-info at lists.andrew.cmu.edu
Subject: [ARGUS] argusarchive 101


Hi again,

...been searching the forums on a basic command structure of the argusarchive 
utility, but can't seem to find any hits.  There also doesn't appar to be a man 
file for this.

    Basically, we would want to rotate our log files nightly (around midnight) 
so that we have several 24 hr. long log files instead of one very large file.  

   Could someone pls. advise on the proper syntax?

thanks

--robert