Keeping log files

Mont Rothstein mont.rothstein at gmail.com
Fri Nov 18 18:37:14 UTC 2005


We want to keep all log files. This presents two problems, space and
rotation time.

To address space I want to compress the log files (bzip2).

To address rotation time all I can think to do is not rotate and instead use
cron to periodically rename (with the date), and compress the log file.

My concern is how to safely get the existing logs and start from scratch
without potentially losing log entries. If I copy the log file and then use
/dev/null to clear the existing file, then there is a window between the cp
and the /dev/null. If I move the file, will a HUP sent to auditd break the
connection to the old logfile and start a new one?

Has anyone else done this? Is there a better option than the ones I've
listed here?

Thanks,
-Mont
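
The window described in the post, next to the rename alternative, as an added example that is not part of the original message: file descriptor 3 stands in for a daemon holding its log open, and the close-and-reopen step models a daemon reopening its log path. Whether a HUP makes auditd do that is the post's open question and is not assumed here; all file names are constructed.

```sh
#!/bin/sh
# Added demo (not from the original post). fd 3 plays a logging daemon that
# keeps its log file open in append mode. All file names are constructed.

# Copy, then truncate: the entry written between the two steps is lost.
copy_truncate_lost() {
    d=$(mktemp -d) || return 1
    log="$d/audit.log"
    exec 3>>"$log"
    echo "event 1" >&3
    cp "$log" "$d/audit.log.saved"      # step 1: copy
    echo "event 2" >&3                  # arrives inside the window
    : > "$log"                          # step 2: truncate, like cat /dev/null > log
    echo "event 3" >&3
    exec 3>&-
    kept=$(cat "$d/audit.log.saved" "$log" | wc -l)
    rm -rf "$d"
    echo $((3 - $kept))                 # number of entries lost
}

# Rename, then reopen: the open descriptor follows the inode, so nothing is lost.
rename_lost() {
    d=$(mktemp -d) || return 1
    log="$d/audit.log"
    exec 3>>"$log"
    echo "event 1" >&3
    mv "$log" "$d/audit.log.2005-11-18" # same-filesystem rename is atomic
    echo "event 2" >&3                  # still lands in the renamed file
    exec 3>&-                           # models the daemon closing the old file...
    exec 3>>"$log"                      # ...and reopening its configured path
    echo "event 3" >&3
    exec 3>&-
    # Compress the dated file only after the reopen, once nothing writes to it.
    kept=$(cat "$d/audit.log.2005-11-18" "$log" | wc -l)
    rm -rf "$d"
    echo $((3 - $kept))                 # number of entries lost
}

echo "copy+truncate lost: $(copy_truncate_lost)"
echo "rename+reopen lost: $(rename_lost)"
```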