Rotate audit log?
Stephen J. Smoogen
smooge at gmail.com
Sat Nov 5 20:00:20 UTC 2005
On 11/5/05, Steve G <linux_4ever at yahoo.com> wrote:
> >Is there something other than the size of the logfile that can be used
> >to cause the rotation? Would an RFE for a command to the deamon to cause
> >a rotation be appropriate? How about something in the config file to
> >tell it "daily" or similar?
>
> OK. I thought about this problem. Keeping track of time and deciding when to
> rotate is an ugly problem. What I decided to do is make sigusr1 force a rotation
> of the logs.
>
> I added a rotate command to the initscript so that you can do "service auditd
> rotate". Then I created a small script that is stored in the docs directory,
> /usr/share/doc/audit-1.0.10/auditd.cron, since I don't want it installed by
> default. The script is intended to be used with cron so that you can force a
> rotation at whatever is convenient - daily, weekly, every 12 hours.
>
Wouldnt it be better to add this to logrotate? There are several
programs that get rotated and get a signal to them to get to a new
log. The details being getting the signal without losing events or
soemthing.. need more sleep.
--
Stephen J Smoogen.
CSIRT/Linux System Administrator
More information about the fedora-selinux-list
mailing list