audit log rotation
Since auditd handles it's own log file rotation, I'm unclear on how to tell it to keep one year's worth of logs. /etc/audit/auditd.conf seems to be all about the size of files. man page doesn't help either.
|
Are you sure its not handled by logrotate?
|
Quote:
Anyone know about audit log rotation? |
Auditd handles log rotation on log size or with the USR1 signal.
In 'man auditd.conf', at "max_log_file_action", doesn't "keep_logs" provide what you want? |
Quote:
|
All times are GMT -5. The time now is 07:02 PM. |