From: Paul Whitney <paul.whitney@mac.com>
To: linux-audit@redhat.com
Subject: Logrotate and Audit Log Rotation
Date: Wed, 14 Nov 2012 12:52:31 +0000 (GMT)
Message-ID: <ba0db2f3-4cc0-e089-f33a-e5121538ba0d@me.com>

On RHEL 6 I am able to use the logrotate facility and compress logs using bzip2. However, when I try to use a similar method on RHEL 5, the auditd service fails to restart after the logrotate service rotates and compresses the rotated log file.

I found a post by Steve Grubb posted on 29 JUN 2011:
  
"Logrotate should not directly rotate the audit logs. I don't supply a logrotate 
configuration, but if I did it would call service auditd rotate so that auditd performs
the action. The audit daemon has to fulfill certain service guarantees that logrotate
does not care about. For example, if the audit disk partition gets full, auditd can
take the system down. Logrotate never will. So, you have to let auditd do its own
thing or you will have some issues."

Is this still the case? 

Paul M. Whitney
paul.whitney@icloud.com
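
The division of labour the quoted post describes (auditd performs the rotation, and anything else only touches files auditd has already rotated out), as an added example that is not from this thread or from the audit project. The directory defaults, the archive location, the wait time and the function names are assumptions, as is auditd tolerating rotated files being moved away between rotations.

```shell
#!/bin/sh
# Added example. Defaults are assumptions; override them via the environment.
AUDIT_DIR=${AUDIT_DIR:-/var/log/audit}
ARCHIVE_DIR=${ARCHIVE_DIR:-/var/log/audit/archive}
ROTATE_CMD=${ROTATE_CMD:-service auditd rotate}   # command named in the quoted post
COMPRESS=${COMPRESS:-bzip2}                       # compressor named in the question
WAIT_SECS=${WAIT_SECS:-10}                        # how long to wait for the rotation

# Inode number of a file, empty if the file does not exist.
inode_of() { ls -i "$1" 2>/dev/null | awk '{print $1}'; }

# Body runs in a subshell so umask and variables do not leak to the caller.
rotate_and_archive() (
    umask 077                                     # archives stay owner-only
    live="$AUDIT_DIR/audit.log"
    [ -f "$live" ] || { echo "no active log at $live" >&2; exit 1; }
    mkdir -p "$ARCHIVE_DIR" || exit 1
    before=$(inode_of "$live")

    # auditd renames the files itself; this script never touches audit.log.
    $ROTATE_CMD >/dev/null || { echo "rotate request failed" >&2; exit 1; }

    # The request is asynchronous: wait until audit.log is a different file.
    i=0
    while cur=$(inode_of "$live"); [ -z "$cur" ] || [ "$cur" = "$before" ]; do
        i=$((i + 1))
        [ "$i" -gt "$WAIT_SECS" ] && { echo "rotation not observed" >&2; exit 1; }
        sleep 1
    done

    # Only numbered files (audit.log.1, audit.log.2, ...) are moved and compressed.
    stamp=$(date +%Y%m%dT%H%M%S)
    for f in "$AUDIT_DIR"/audit.log.[0-9]*; do
        [ -f "$f" ] || continue                   # glob matched nothing
        dest="$ARCHIVE_DIR/$(basename "$f").$stamp"
        mv "$f" "$dest" && "$COMPRESS" "$dest" || exit 1
    done
)

# Typical use from a root cron job: source this file, then call rotate_and_archive
```

If the rotation is never observed, the function returns non-zero and compresses nothing, so a failed or ignored rotate request does not lead to the active log being touched.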