* rotating audit logs
@ 2007-02-13 15:31 Bill Tangren
2007-02-13 15:37 ` Steve Grubb
0 siblings, 1 reply; 4+ messages in thread
From: Bill Tangren @ 2007-02-13 15:31 UTC (permalink / raw)
To: Linux Audit
I am required to rotate the audit logs daily on my RHEL boxes. As far as I can
tell from the auditd.conf file, the auditd daemon only rotates the files when
max_log_file reaches a certain size.
Is is possible to have the auditd daemon rotate the logs according to time,
rather than size?
If auditd cannot do this, is it possible to turn off log rotating and let the
logrotate daemon do it?
Thanks,
Bill Tangren
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: rotating audit logs
2007-02-13 15:31 rotating audit logs Bill Tangren
@ 2007-02-13 15:37 ` Steve Grubb
2007-02-13 16:16 ` Bill Tangren
0 siblings, 1 reply; 4+ messages in thread
From: Steve Grubb @ 2007-02-13 15:37 UTC (permalink / raw)
To: linux-audit
On Tuesday 13 February 2007 10:31, Bill Tangren wrote:
> Is is possible to have the auditd daemon rotate the logs according to time,
> rather than size?
There is a log rotation script suitable for cron usage in the audit package.
You just simply need to add it to your cron setup.
> If auditd cannot do this, is it possible to turn off log rotating and let
> the logrotate daemon do it?
You could do that too, but you'll have to teach logrotate about the audit
logs.
-Steve
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: rotating audit logs
2007-02-13 15:37 ` Steve Grubb
@ 2007-02-13 16:16 ` Bill Tangren
2007-02-13 16:37 ` Steve Grubb
0 siblings, 1 reply; 4+ messages in thread
From: Bill Tangren @ 2007-02-13 16:16 UTC (permalink / raw)
Cc: linux-audit
Steve Grubb wrote:
> On Tuesday 13 February 2007 10:31, Bill Tangren wrote:
>> Is is possible to have the auditd daemon rotate the logs according to time,
>> rather than size?
>
> There is a log rotation script suitable for cron usage in the audit package.
> You just simply need to add it to your cron setup.
OK, I've found the auditd.cron file. How do I prevent auditd from rotating by
size? Set the maximum size too high to be reached in a day?
>
>> If auditd cannot do this, is it possible to turn off log rotating and let
>> the logrotate daemon do it?
>
> You could do that too, but you'll have to teach logrotate about the audit
> logs.
I've taught logrotate about other logs, so I don't see that as a problem. How to
tell auditd not to rotate, though, that I DON'T know how to do.
>
> -Steve
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: rotating audit logs
2007-02-13 16:16 ` Bill Tangren
@ 2007-02-13 16:37 ` Steve Grubb
0 siblings, 0 replies; 4+ messages in thread
From: Steve Grubb @ 2007-02-13 16:37 UTC (permalink / raw)
To: linux-audit
On Tuesday 13 February 2007 11:16, Bill Tangren wrote:
> How do I prevent auditd from rotating by size?
Set max_log_file_action=ignore
> Set the maximum size too high to be reached in a day?
No, there are 2 controls, the file size and what to do when its reached. In
this case you don't care about the size, but you care about what it does.
-Steve
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2007-02-13 16:37 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-02-13 15:31 rotating audit logs Bill Tangren
2007-02-13 15:37 ` Steve Grubb
2007-02-13 16:16 ` Bill Tangren
2007-02-13 16:37 ` Steve Grubb
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox