logrotate strange argus behavior
Monah Baki
monahbaki at gmail.com
Fri Oct 26 12:25:43 EDT 2018
Thanks Eric, works perfectly.
On Fri, Oct 26, 2018 at 10:19 AM Eric Kinzie <eric at qosient.com> wrote:
> On Wed Oct 24 11:55:24 -0400 2018, Eric Kinzie wrote:
> > On Wed Oct 24 10:58:46 -0400 2018, Monah Baki wrote:
> > > Hi Carter,
> > >
> > > My argus.conf has:
> > > ARGUS_OUTPUT_FILE=/var/log/argus/argus.out
> > >
> > > I can also for testing purposes run the -w option from the command
> line,
> > > what do you think?
> > >
> >
> > > > > /var/log/argus/argus.out {
> > > > > missingok
> > > > > notifempty
> > > > > compress
> > > > > size 100M
> > > > > daily
> > > > > create 0600 root root
> > > > > }
> >
> > Monah, I think that if you remove the "create 0600..." line from
> > the logrotate configuration, argus.out will be recreated by argus
> > and new records written to it.
> >
> > When logrotate creates a replacement file, the logic in argus that
> > checks to see if the file has been removed is effectively bypassed.
> > The original file it opened is no longer visible with "ls" because
> > gzip blows it away, but the file does actually still exist until
> > all file descriptors that reference it have been closed; argus
> > continues writing to it.
>
>
> Removing the "create" line was not enough. I added "nocreate" and
> argus created its own replacement file and started writing records
> to it. See if that helps.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20181026/860a280e/attachment.html>
More information about the argus
mailing list