logrotate strange argus behavior

Eric Kinzie eric at qosient.com
Wed Oct 24 11:55:24 EDT 2018


On Wed Oct 24 10:58:46 -0400 2018, Monah Baki wrote:
> Hi Carter,
> 
> My argus.conf has:
> ARGUS_OUTPUT_FILE=/var/log/argus/argus.out
> 
> I can also for testing purposes run the -w option from the command line,
> what do you think?
> 

> > > /var/log/argus/argus.out {
> > >     missingok
> > >     notifempty
> > >     compress
> > >     size 100M
> > >     daily
> > >     create 0600 root root
> > > }

Monah, I think that if you remove the "create 0600..." line from
the logrotate configuration, argus.out will be recreated by argus
and new records written to it.

When logrotate creates a replacement file, the logic in argus that
checks to see if the file has been removed is effectively bypassed.
The original file it opened is no longer visible with "ls" because
gzip blows it away, but the file does actually still exist until
all file descriptors that reference it have been closed; argus
continues writing to it.
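
The situation described in the reply above, reproduced as an added example (not part of the original email, and not argus or logrotate code). It assumes a POSIX system; `rotate()` is a constructed stand-in for logrotate's rename, create and compress steps, and the inode comparison in `fd_is_stale()` is one way a writer or monitor can notice the swap, not necessarily how argus checks.

```python
import gzip, os, shutil, tempfile

def rotate(path, create):
    """Constructed stand-in for logrotate with 'compress' (+ optional 'create')."""
    rotated = path + ".1"
    os.rename(path, rotated)                      # writer's fd follows the inode
    if create:                                    # 'create 0600 root root'
        os.close(os.open(path, os.O_CREAT | os.O_WRONLY, 0o600))
    with open(rotated, "rb") as src, gzip.open(rotated + ".gz", "wb") as dst:
        shutil.copyfileobj(src, dst)
    os.unlink(rotated)                            # gzip removes the original

def fd_is_stale(fd, path):
    """True when fd no longer refers to the file currently at path."""
    held = os.fstat(fd)
    try:
        current = os.stat(path)
    except FileNotFoundError:
        return True
    return (held.st_dev, held.st_ino) != (current.st_dev, current.st_ino)

def simulate(create):
    """Write, rotate, write again; report what each check sees afterwards."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "argus.out")       # constructed path, not /var/log
        fd = os.open(path, os.O_CREAT | os.O_WRONLY | os.O_APPEND, 0o600)
        try:
            os.write(fd, b"record-1\n")
            rotate(path, create)
            os.write(fd, b"record-2\n")           # lands in the unlinked inode
            exists = os.path.exists(path)
            return {
                "path_exists": exists,            # a path-only check sees this
                "fd_stale": fd_is_stale(fd, path),
                "held_links": os.fstat(fd).st_nlink,
                "held_size": os.fstat(fd).st_size,
                "visible_size": os.path.getsize(path) if exists else None,
            }
        finally:
            os.close(fd)

if __name__ == "__main__":
    print("with create:   ", simulate(True))
    print("without create:", simulate(False))
```

With `create`, the path still exists and stays empty while both records sit in a file that no directory entry points to; without it, the missing path is visible to a simple existence check.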


