Has anyone found a way to rotate argus logs on say a daily basis? (Perhaps even removing logs after a week or so). Thanks -- Scott Dexter "You're not one of us." "I don't think I'm one of them, either," said Brutha. "I'm one of mine." Terry Pratchett (Small Gods)
> Has anyone found a way to rotate argus logs on say a daily basis? > (Perhaps even removing logs after a week or so). I just rename the file via a cron job at midnight; argus will create a new one when it tries to write data to the file and finds it missing. Mike Iglesias Email: iglesias <at> uci.edu University of California, Irvine phone: 949-824-6926 Network & Academic Computing Services FAX: 949-824-2069
Yes, using logrotate on RedHat works well. I found I had to shut argus down before rotating the logs and then restart. Depending on how much data is kept, you might need to delay starting the server again to give logrotate time to finish. Ernie Johanson ITS Network Systems Security California Institute of Technology 626-395-5797 johanson <at> caltech.edu http://www.its.caltech.edu/its/security/ On Tue, 27 Dec 2005, Scott Dexter wrote: > Date: Tue, 27 Dec 2005 21:16:39 -0500 > From: Scott Dexter <scott.dexter <at> gmail.com> > To: argus-info <at> lists.andrew.cmu.edu > Subject: [ARGUS] Rotating Argus Logs > > Has anyone found a way to rotate argus logs on say a daily basis? > (Perhaps even removing logs after a week or so). > > Thanks > -- > Scott Dexter > > "You're not one of us." > "I don't think I'm one of them, either," said Brutha. > "I'm one of mine." >(Continue reading)
On Tue, Dec 27, 2005 at 09:16:39PM -0500, Scott Dexter wrote: > Has anyone found a way to rotate argus logs on say a daily basis? > (Perhaps even removing logs after a week or so). > > Thanks > -- > Scott Dexter > > "You're not one of us." > "I don't think I'm one of them, either," said Brutha. > "I'm one of mine." > > Terry Pratchett (Small Gods) The usual answer is argusarchive (in support/Archive in the argus 2.0.6 distribution) which cycles and archives the logs on an hourly basis. I have a modified version that will handle multiple instances and a few more changes in ftp://ftp.sfu.ca/pub/unix/argus/argus.traffic.perl.tar.gz along with a variety of other scripts useful for keeping argus running. Peter Van Epp / Operations and Technical Support Simon Fraser University, Burnaby, B.C. Canada
On Tue, 2005-12-27 at 21:16:39 -0500, Scott Dexter proclaimed... > Has anyone found a way to rotate argus logs on say a daily basis? > (Perhaps even removing logs after a week or so). Simple way is to do this... #!/bin/sh PATH="/usr/bin:/usr/sbin:/bin:/sbin" COMPRESS="/usr/bin/gzip" COMPRESSLEVEL="-5" DATE="`date +%Y%m%d.%H%M`" ARGUSARCHDIR="/var/argus" ARGUSLOGFILE="/var/log/argus" umask 007 if [ -f $ARGUSLOG ]; then mv $ARGUSLOG.cap $ARGUSARCHDIR/$ARGUSLOG-$DATE.cap $COMPRESS $COMPRESSLEVEL $ARGUSARCHDIR/$ARGUSLOG-$DATE.cap else echo "$ARGUSLOG not found. exiting." exit 2 fi Want to delete old files? find(1) is your friend.(Continue reading)
On 12/27/05, eric <eric-list-argus <at> catastrophe.net> wrote: > > Ah crap, I ran out of caffeine > > On Tue, 2005-12-27 at 21:54:49 -0600, eric proclaimed... > > > if [ -f $ARGUSLOG ]; then > > s/ARGUSLOG/ARGUSLOGFILE/ > > Heh I just looked up from editting the file to see your mail, thanks :) Now if I need to is there a way to recombine argus files later? -- Scott Dexter "You're not one of us." "I don't think I'm one of them, either," said Brutha. "I'm one of mine." Terry Pratchett (Small Gods)
On Tue, 2005-12-27 at 23:11:39 -0500, Scott Dexter proclaimed... > Heh I just looked up from editting the file to see your mail, thanks :) > > Now if I need to is there a way to recombine argus files later? Definitely see the stuff in Support/ There's rasort and ragator. Good for using.
Scott Dexter wrote: > On 12/27/05, eric <eric-list-argus <at> catastrophe.net> wrote: >> Ah crap, I ran out of caffeine >> >> On Tue, 2005-12-27 at 21:54:49 -0600, eric proclaimed... >> >>> if [ -f $ARGUSLOG ]; then >> s/ARGUSLOG/ARGUSLOGFILE/ >> >> > > Heh I just looked up from editting the file to see your mail, thanks :) > > Now if I need to is there a way to recombine argus files later? > ra and friends all take multiple files on the command line so you can process multiple files at once -- it's smart to name log files so that shell globbing gets the files in chronological order ;) Russell
On Wed, Dec 28, 2005 at 05:32:53PM +1300, Russell Fulton wrote:
>
> -- it's smart to name log files so that
> shell globbing gets the files in chronological order ;)
That would be nice, but beware that in locales that have Daylight
Savings Time (where the same hour of one day recurs in fall) it's hard
to include a local timestamp in the filename and get it to sort
correctly for all days of the year. You could use UTC, but that's
inconvenient for those of us that think in localtime.
To avoid ambiguities regarding the timezone for FlowScan (flow-tools,
etc.) we put the offset from UTC in the file names (as a +/- suffix)
like this:
ft-v05.2005-12-28.104500-0600
With argus, I do it like this via a cron job as mentioned previously:
test -f argus.out && mv argus.out argus.`date +%Y%m%d_%H:%M:%S%z`
(GNU date supports %z to yield the timezone as hours east of GMT.)
Then scripts that need to process them in order need to translate the
timestamps in the filenames and sort the names before processing them.
E.g. in perl:
sub by_timestamp {
FlowScan::file2time_t($a) <=> FlowScan::file2time_t($b)
}
(Continue reading)
RSS Feed90 | |
|---|---|
38 | |
75 | |
50 | |
113 | |
42 | |
49 | |
155 | |
63 | |
50 | |
30 | |
122 | |
22 | |
37 | |
53 | |
58 | |
91 | |
52 | |
17 | |
30 | |
15 | |
39 | |
49 | |
61 | |
66 | |
82 | |
48 | |
52 | |
27 | |
42 | |
35 | |
72 | |
78 | |
48 | |
102 | |
50 | |
23 | |
61 | |
40 | |
50 | |
26 | |
32 | |
72 | |
48 | |
55 | |
115 | |
66 | |
36 | |
92 | |
122 | |
116 | |
58 | |
26 | |
15 | |
3 | |
3 | |
24 | |
38 | |
50 | |
62 | |
6 | |
61 | |
90 | |
151 | |
121 | |
67 | |
61 | |
120 | |
107 | |
143 | |
44 | |
91 | |
68 | |
82 | |
141 | |
123 | |
69 | |
50 | |
79 | |
113 | |
114 | |
131 | |
96 | |
270 | |
4 | |
4 | |
40 | |
31 | |
24 | |
14 | |
2 | |
1 | |
8 | |
25 | |
1 | |
14 | |
5 | |
25 | |
24 | |
33 | |
12 | |
41 | |
33 | |
35 | |
48 | |
95 | |
45 | |
79 | |
87 | |
84 | |
17 | |
62 | |
14 | |
28 | |
14 | |
15 | |
38 | |
60 | |
28 | |
31 | |
48 | |
24 | |
39 | |
18 | |
29 | |
26 | |
41 | |
47 | |
18 | |
14 | |
23 | |
20 | |
92 | |
29 | |
56 | |
47 | |
33 | |
18 | |
91 | |
58 | |
49 | |
15 | |
49 | |
109 | |
52 | |
39 | |
99 | |
134 | |
123 | |
26 | |
59 | |
72 | |
143 | |
44 | |
81 | |
20 | |
12 | |
11 | |
63 | |
22 | |
8 | |
1 | |
6 | |
15 | |
3 | |
9 | |
12 | |
7 | |
16 | |
28 | |
9 |
