<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 11/29/2011 09:58 AM, carlopmart wrote:
<blockquote
cite="mid:alpine.LRH.2.00.1111290956210.3949@caradhras.hpulabs.org"
type="cite">
<pre wrap="">
Hi all,
Due to a lot of information stored under http.log, I need to run logrotate
on it. Searching the mailing list about this in particular, I see this:
<a class="moz-txt-link-freetext" href="http://lists.openinfosecfoundation.org/pipermail/oisf-devel/2011-September/000726.html">http://lists.openinfosecfoundation.org/pipermail/oisf-devel/2011-September/000726.html</a>
Is there any "clean" solution to do this?
---
CL Martinez
carlopmart {at} gmail {d0t} com
</pre>
</blockquote>
<br>
<br>
<span class="st"><em>logrotate + copytruncate</em></span> ?<br>
<br>
basically it does something like:<br>
cp http.log http.log.1 &amp;&amp; &gt; http.log<br>
<br>
If you gzip the files, you should get about 80-90% reduction in
size,<br>
and if you use zgrep to grep for stuff in the gzipped log files, it
can actually be faster<br>
than using grep on the uncompressed files.<br>
<br>
My tests here now:<br>
http.log = 1.3 GB<br>
http.log.gz = 174 MB<br>
<br>
time grep google http.log &gt; /dev/null<br>
real 0m23.604s<br>
<br>
time zgrep google http.log.gz &gt; /dev/null<br>
real 0m8.332s<br>
<br>
E<br>
<br>
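The copy-then-truncate rotation and the zgrep search discussed in this thread, as an added example that is not part of the original messages or of Suricata. The function names, the keep count, the temporary paths and the sample log lines are constructed, and the simulated writer is assumed to hold the log open in append mode.<br>

```shell
#!/bin/sh
# Added example: what "logrotate + copytruncate + compress" does, by hand.
# File names, the keep count and the sample log lines are constructed.

# Print FILE's inode number.
inode_of() { ls -i "$1" | awk '{print $1}'; }

# rotate_copytruncate FILE [KEEP]: shift FILE.N.gz up by one, copy FILE to
# FILE.1, truncate FILE in place, gzip the copy.
rotate_copytruncate() {
    log=$1; keep=${2:-5}
    [ -s "$log" ] || return 0            # empty or missing: nothing to do
    rm -f "$log.$keep.gz"                # oldest archive falls off
    i=$keep
    while [ "$i" -gt 1 ]; do
        prev=$((i - 1))
        if [ -f "$log.$prev.gz" ]; then mv "$log.$prev.gz" "$log.$i.gz"; fi
        i=$prev
    done
    cp -p "$log" "$log.1" || return 1    # 1. copy
    : > "$log"                           # 2. truncate; same inode, so the
                                         #    writer's open fd stays valid.
                                         #    Lines written between 1 and 2
                                         #    are lost.
    gzip -f "$log.1"
}

# Simulated sensor (assumption): keeps fd 3 open in append mode while the
# log is rotated underneath it, then keeps writing.
demo() {
    dir=$(mktemp -d) || return 1
    f=$dir/http.log
    exec 3>>"$f"
    printf '%s\n' 'GET www.google.com /search' 'GET example.org /' >&3
    before=$(inode_of "$f")
    rotate_copytruncate "$f" 3
    printf '%s\n' 'GET www.google.com /maps' >&3   # same fd, after rotation
    exec 3>&-
    [ "$before" = "$(inode_of "$f")" ] && same=yes || same=no
    echo "same_inode=$same live_hits=$(grep -c google "$f")" \
         "archived_hits=$(zgrep -c google "$f.1.gz")"
    rm -rf "$dir"
}

demo
```

The writer never reopens the file, which is why no signal or restart is needed; the cost is the short window between the copy and the truncate.<br>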
</body>
</html>