[unisog] rotating argus logs (was registering servers)

John Gerth gerth at stanford.edu
Fri Jul 28 19:56:28 GMT 2006


On 7/28/2006 6:10 AM, Michael Holstein wrote:
...
> 
> The argus logfiles aren't terribly huge .. ~10gb/day. The only PITA is 
> rotating them since the 'ra' process in Argus doesn't handle a SIGINT 
> like it ought to (but can be fixed with a script).
> 
  It can be a pretty simple script too since argus does do the right
  thing if you simply "mv" the log file out from under a running daemon
  (meaning that it just starts a new log file)

  FWIW, here's the script I put in /etc/cron.d/hourly to snip off the argus
  log every hour and rename it as ar-YYYY-MM-DD.HH  (where this timestamp
  is in GMT so you don't have to think about daylight savings). It reads
  the first management record in the log to pick off the time from the
  data rather than doing math on the system clock.
-- 
John Gerth      gerth at stanford.edu         (650) 725-3273  fax 723-0033
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: argus
Url: http://lists.dshield.org/pipermail/unisog/attachments/20060728/2b3640dc/attachment-0001.bat 
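
The rename step described in the message, as an added example; this is not the attached script, whose contents are not shown on this page. The function name `rotate_argus` is hypothetical, GNU `date` is assumed, and the start time of the first record is assumed to be passed in as Unix seconds by the caller rather than read from the log here.

```shell
#!/bin/sh
# Added example (not the script attached to the original message).
# rotate_argus LOG EPOCH
#   LOG   - path of the live argus output file
#   EPOCH - start time of the first record in LOG, Unix seconds.
#           Assumption: the caller has already extracted this from the
#           log's first management record; that step is not shown here.
# Prints the new file name on success.
rotate_argus() {
    ra_log=$1
    ra_epoch=$2

    # Reject anything that is not a plain non-negative integer.
    case $ra_epoch in
        ''|*[!0-9]*) echo "rotate_argus: bad epoch '$ra_epoch'" >&2; return 2 ;;
    esac

    # Missing or empty log: nothing to snip off this hour.
    [ -s "$ra_log" ] || return 0

    # Name the hour in GMT so daylight-saving changes never produce
    # a duplicated or skipped file name. "-d @N" is GNU date syntax.
    ra_stamp=$(date -u -d "@$ra_epoch" +%Y-%m-%d.%H) || return 2

    # Stay in the same directory so mv is a rename on one filesystem,
    # not a copy-and-delete of a file the daemon is still writing.
    ra_dest=$(dirname "$ra_log")/ar-$ra_stamp

    # Never overwrite an hour that was already rotated (for example
    # after a daemon restart inside the same hour): add .1, .2, ...
    ra_n=0
    ra_target=$ra_dest
    while [ -e "$ra_target" ]; do
        ra_n=$((ra_n + 1))
        ra_target=$ra_dest.$ra_n
    done

    mv -- "$ra_log" "$ra_target" && printf '%s\n' "$ra_target"
}
```
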

