From mboxrd@z Thu Jan 1 00:00:00 1970 From: Bill Tangren Subject: Re: rotating audit logs Date: Tue, 13 Feb 2007 11:16:55 -0500 Message-ID: <45D1E477.3090304@aa.usno.navy.mil> References: <45D1D9D2.70706@aa.usno.navy.mil> <200702131037.33592.sgrubb@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Return-path: Received: from mx1.redhat.com (mx1.redhat.com [172.16.48.31]) by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id l1DGGvvG026099 for ; Tue, 13 Feb 2007 11:16:57 -0500 Received: from beatrix.usno.navy.mil (beatrix.usno.navy.mil [198.116.61.254]) by mx1.redhat.com (8.13.1/8.13.1) with ESMTP id l1DGGta9015578 for ; Tue, 13 Feb 2007 11:16:55 -0500 Received: from [10.1.5.58] (mach2.usno.navy.mil [10.1.5.58]) by aa.usno.navy.mil (Postfix) with ESMTP id 4EFA5903EB for ; Tue, 13 Feb 2007 11:16:55 -0500 (EST) In-Reply-To: <200702131037.33592.sgrubb@redhat.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com Cc: linux-audit@redhat.com List-Id: linux-audit@redhat.com Steve Grubb wrote: > On Tuesday 13 February 2007 10:31, Bill Tangren wrote: >> Is is possible to have the auditd daemon rotate the logs according to time, >> rather than size? > > There is a log rotation script suitable for cron usage in the audit package. > You just simply need to add it to your cron setup. OK, I've found the auditd.cron file. How do I prevent auditd from rotating by size? Set the maximum size too high to be reached in a day? > >> If auditd cannot do this, is it possible to turn off log rotating and let >> the logrotate daemon do it? > > You could do that too, but you'll have to teach logrotate about the audit > logs. I've taught logrotate about other logs, so I don't see that as a problem. How to tell auditd not to rotate, though, that I DON'T know how to do. > > -Steve >