first time argus

[Ian Smith via Argus-info]

> Server side - how can it generate daily logs, with "argus -M time 
> 1h" is not working, if I start the server "argus" it makes one file 
> which becames bigger and bigger.

I'm only just starting with Argus myself, but I wanted just this, and 
this is how I've done it (ie, if there's a better way from someone 
that actually knows what they are doing I'd be happy to hear it):

Argus is tolerant of the log file going away, so you could simply move 
the log file each day.  When the argus process discovers the log file 
is missing it creates a new one.  However, unless you run that at 
midnight each day you'll have log files with part of two days in each.

I run a daily cron script.  Argus is running writing to argus.out.  
The script sets that log file aside (and argus makes a new one as soon 
as it wants to log something), then uses rasplit to split the set 
aside argus.out into new files named according to date.

Thus, at any time I have argus.YYYYmmdd files with whatever had 
occurred up to the last time the script ran, and a 'live' argus.out 
with what has happened since.  If I want to update the argus.YYYYmmdd 
files to as of now, I just manually run the script.  That is, since 
'-w' appends if the target file already exists, you can actually run 
this as often as you like.  Thus, I don't have a live 'today' file, 
but I can get one as of any time I want it.

---------- ---------- ----------
#!/bin/sh

cd /var/log/argus
NEWLOG=argus.out.`/bin/date +%Y%m%d_%H%M%S`

# set aside current log file - note we just need to move it
# - argus copes and makes a new one when the old one disappears
/bin/mv argus.out $NEWLOG

# split by days and delete the source file assuming it went ok
/usr/bin/rasplit -M time 1d -r $NEWLOG -w argus.%Y%m%d && /bin/rm $NEWLOG
---------- ---------- ----------


regards,   Ian SMith