Q: audit log rotation.
Stephen John Smoogen
smooge at gmail.com
Tue Apr 18 18:26:32 UTC 2006
On 4/18/06, The UnSeen <ian at south-border.com> wrote:
>
> Is there a way to dictate the format of naming convention of the rotated
> logfiles to better reflect the date range of the data contained in the
> file instead of simply audit.log.1, audit.log.2, etc? Something perhaps
> defined in the /etc/auditd.conf file? I'm used to the BSM scheme
> personally. It would make it easier to manage the files for archiving
> purposes (IMHO).
>
> Also, it would be nice (if it doesn't exist already) to have a way to do
> audit reductions 1 event on a line instead of X lines for an event.
I think there is a set of patches to logrotate in Debian that allows
you to put your rotate format. We had an internal version that rotated
it as .YYYYMMDD for that. I remember there was a bugzilla to add this
for a long time...
>
> Ian
>
>
>
>
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
>
--
Stephen J Smoogen.
CSIRT/Linux System Administrator
More information about the Linux-audit
mailing list