racluster and data reduction
Harry Hoffman
hhoffman at ip-solutions.net
Mon Dec 29 14:48:13 EST 2008
Hi All,
We're starting to look at ways to manage our argus data and hoping to
see what others are doing.
We currently have a 500GB partition to store all of our argus records.
At our collection rates we can store less then 1 moths worth of data.
Argus records are rotated every hour using a shell script to archive
them.
We're looking into the use of racluster to merge flows and reduce the
amount of data but at the same time still give us valuable information.
Are most people just running:
racluster -r argus.out -w newfile
Are there any "gotchas" in using racluster?
Cheers,
Harry
More information about the argus
mailing list