Archive management question/feature request
Jesse Bowling
jessebowling at gmail.com
Wed Sep 11 09:56:43 EDT 2013
Hi all,
So rasplit/rastream are great for organizing a disk-based archive of argus
data. I'm wondering: how difficult it would be to include some features to
manage the size of the archive?
The scenario I'm imagining is that when rasplit/rastream starts to write a
new file, it also checks how much disk space is used under it's 'base'
path. If size > limit, remove files until space == target_limit. Another
potentially useful model would be to set a limit on the number of files
created, so you could in a time-based mode ensure you keep at least X days
of flows.
I do this with a bash script currently, but was thinking that this might be
a useful thing to be included in the clients. Other collection tools such
as tcpdump and nprobe support this kind of archive management, so it would
seem like there are some examples out there that code could potentially
even be borrowed from.
What are the groups thoughts? Good idea? Bad? Would you like to see this?
My own C/C++ skills are so ancient they are nearly forgotten, but I would
like to help see this feature implemented.
Cheers,
Jesse
--
Jesse Bowling
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130911/3ee8ffac/attachment.html>
More information about the argus
mailing list