Rotate audit log?

Matthew Saltzman mjs at ces.clemson.edu
Wed Oct 26 16:41:25 UTC 2005


On Wed, 26 Oct 2005, Stephen J. Smoogen wrote:

> On 10/25/05, Steve G <linux_4ever at yahoo.com> wrote:
>>
>>> Is there something other than the size of the logfile that can be used
>>> to cause the rotation?
>>
>> Not at this point. Would you need this to archive files or to reduce disk space
>> consumption? I'm curious about what problem this would alleviate.
>>
>
> The problems I can see are:
>
> 1) A set policy of log rotation. One area I know of needs to be able
> to rotate the logs every 24 hours so that they can be archived on a
> special media.
> 2) The audit logs are huge and stick out as a visual eye popper if you
> are looking in /var/log. The standard training for a sysadmin is to
> look for files that are larger than a certain size and look through
> them for problems.

The "principle of least surprise" would seem to dictate that audit log 
rotation follow the standard policy for logrotate, rotating nightly or 
weekly.  The failure of audit.log to follow that policy is what prompted 
my question in the first place.

> 3) Some Incremental backup programs can go wonky on large text files.
> This shows up a lot on remote backups where the backup is done via a
> seek through the file to see where the changes are. [some of these
> programs could use the minimal rsync algorithms..] but they seem to be
> things that sites with policies have to work around versus getting a
> fix.
>
>
> --
> Stephen J Smoogen.
> CSIRT/Linux System Administrator
>
>
>

-- 
 		Matthew Saltzman

Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs



