LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   audit log rotation (https://www.linuxquestions.org/questions/linux-security-4/audit-log-rotation-729192/)

jnojr 05-28-2009 06:48 PM
audit log rotation
 
Since auditd handles it's own log file rotation, I'm unclear on how to tell it to keep one year's worth of logs. /etc/audit/auditd.conf seems to be all about the size of files. man page doesn't help either.

chrism01 05-28-2009 11:05 PM
Are you sure its not handled by logrotate?

jnojr 06-01-2009 11:11 AM
Quote:
Originally Posted by chrism01 (Post 3556100)
Are you sure its not handled by logrotate?
Quite sure.

Anyone know about audit log rotation?

unSpawn 06-01-2009 11:43 AM
Auditd handles log rotation on log size or with the USR1 signal.

In 'man auditd.conf', at "max_log_file_action", doesn't "keep_logs" provide what you want?

jnojr 06-02-2009 11:08 AM
Quote:
Originally Posted by unSpawn (Post 3559214)
Auditd handles log rotation on log size or with the USR1 signal.

In 'man auditd.conf', at "max_log_file_action", doesn't "keep_logs" provide what you want?
If the lack of a mention of a time facility means that there simply is no way to rotate audit logs by time, then yeah, I guess it does :-P I was hoping someone knew of a cute fix.


All times are GMT -5. The time now is 07:02 PM.