From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Stephen John Smoogen"
Subject: Re: Q: audit log rotation.
Date: Tue, 18 Apr 2006 12:26:32 -0600
Message-ID: <80d7e4090604181126td15b081r2c9f5290cb691980@mail.gmail.com>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Return-path:
Received: from mx3.redhat.com (mx3.redhat.com [172.16.48.32])
	by int-mx1.corp.redhat.com (8.12.11.20060308/8.11.6) with ESMTP id k3IIQkVl024396
	for ; Tue, 18 Apr 2006 14:26:46 -0400
Received: from nz-out-0102.google.com (nz-out-0102.google.com [64.233.162.200])
	by mx3.redhat.com (8.13.1/8.13.1) with ESMTP id k3IIQado000768
	for ; Tue, 18 Apr 2006 14:26:37 -0400
Received: by nz-out-0102.google.com with SMTP id 16so805315nzp
	for ; Tue, 18 Apr 2006 11:26:32 -0700 (PDT)
In-Reply-To:
Content-Disposition: inline
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On 4/18/06, The UnSeen wrote:
>
> Is there a way to dictate the format of naming convention of the rotated
> logfiles to better reflect the date range of the data contained in the
> file instead of simply audit.log.1, audit.log.2, etc? Something perhaps
> defined in the /etc/auditd.conf file? I'm used to the BSM scheme
> personally. It would make it easier to manage the files for archiving
> purposes (IMHO).
>
> Also, it would be nice (if it doesn't exist already) to have a way to do
> audit reductions 1 event on a line instead of X lines for an event.

I think there is a set of patches to logrotate in Debian that allows
you to put your rotate format. We had an internal version that rotated
it as .YYYYMMDD for that. I remember there was a bugzilla to add this
for a long time...

>
> Ian
>
> --
> Linux-audit mailing list
> Linux-audit@redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
>

--
Stephen J Smoogen.
CSIRT/Linux System Administrator
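
Added example, not part of the original message and not code from the audit tools or logrotate: a Python script covering both requests in the quoted question, naming a rotated file by the date range of its records and printing one line per event. It assumes the standard `msg=audit(epoch.ms:serial)` record prefix; the sample records and all function names are constructed for illustration.

```python
import re
from collections import OrderedDict
from datetime import datetime, timezone

# Every Linux audit record carries msg=audit(<epoch>.<ms>:<serial>);
# records that share a timestamp and serial belong to one event.
AUDIT_ID = re.compile(r"msg=audit\((\d+)\.(\d+):(\d+)\):\s*")

# Constructed sample records, not taken from a real system.
SAMPLE = """\
type=SYSCALL msg=audit(1145384792.123:456): arch=40000003 syscall=5 success=yes exit=3 comm="cat"
type=CWD msg=audit(1145384792.123:456): cwd="/root"
type=PATH msg=audit(1145384792.123:456): name="/etc/shadow" inode=1234
type=USER_LOGIN msg=audit(1145471200.010:457): uid=0 res=success
"""

def parse(lines):
    """Yield (epoch_seconds, serial, record_without_the_id) per valid record."""
    for line in lines:
        m = AUDIT_ID.search(line)
        if m:  # blank or damaged lines are skipped
            rest = line[:m.start()] + line[m.end():].strip()
            yield int(m.group(1)), int(m.group(3)), rest

def one_line_per_event(lines):
    """Join all records of an event into a single line, in first-seen order."""
    events = OrderedDict()
    for epoch, serial, rest in parse(lines):
        events.setdefault((epoch, serial), []).append(rest)
    return [f"audit({epoch}:{serial}) " + " | ".join(parts)
            for (epoch, serial), parts in events.items()]

def dated_name(lines, base="audit.log"):
    """Build audit.log.YYYYMMDD-YYYYMMDD (UTC) from the oldest and newest record."""
    stamps = [epoch for epoch, _, _ in parse(lines)]
    if not stamps:
        return None  # no parsable records: keep the numeric name
    def day(t):
        return datetime.fromtimestamp(t, timezone.utc).strftime("%Y%m%d")
    return f"{base}.{day(min(stamps))}-{day(max(stamps))}"

if __name__ == "__main__":
    records = SAMPLE.splitlines()
    print(dated_name(records))
    print("\n".join(one_line_per_event(records)))
```

Renaming by record content rather than by file modification time keeps the name correct even when files are copied or archived later.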