audit log rotation.

Mackay, Scott SMackay at progeny.net
Thu Apr 20 19:21:02 UTC 2006


For combining (something I am playing with) I am using this script to generate a working copy of the log where I can play with it:
 
# Print the event id field ($2) once per event, then every other field of each record on that line
awk 'BEGIN {lid=""} {if (lid!=$2) { printf "\n%s ",$2; lid=$2 } for (i=1;i<=NF;i++) if (i!=2) { printf "%s ",$i } }' "$FILE"
 
Basically it will put the id field first and merge all the columns onto one line.  You may need to sort the input, but I think it is all fairly ordered...

________________________________

From: linux-audit-bounces at redhat.com on behalf of The UnSeen
Sent: Tue 4/18/2006 12:54 PM
To: linux-audit at redhat.com
Subject: Q: audit log rotation.




Is there a way to dictate the format of naming convention of the rotated
logfiles to better reflect the date range of the data contained in the
file instead of simply audit.log.1, audit.log.2, etc?  Something perhaps
defined in the /etc/auditd.conf file?  I'm used to the BSM scheme
personally.  It would make it easier to manage the files for archiving
purposes (IMHO).

Also, it would be nice (if it doesn't exist already) to have a way to do
audit reductions with one event per line instead of X lines per event.

Ian





--
Linux-audit mailing list
Linux-audit at redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
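The two requests in this thread (rotated files named by the date range they hold, and a reduction that puts one event per line) can both be driven off the msg=audit(<epoch>.<ms>:<serial>): field that every record of an event carries. The script below is an added example written for this archive page; it is not Scott's one-liner, Ian's, or anything shipped with auditd. It generalises the awk approach above: records are first ordered by serial (an interleaved log would otherwise split one event across several output lines), then collapsed, and the first and last timestamps are turned into an archive name such as audit-20060418-20060420.log. The six audit.log records are constructed for the example, the function names are my own, and the key field is located by scanning each record rather than assumed to be $2, so a node= prefix does not break it.

```shell
#!/bin/sh
# Added example, not code from the linux-audit posters or from auditd.
# Assumed: whitespace-separated fields and a msg=audit(<epoch>.<ms>:<serial>):
# field on every record, as in the audit.log format of the time.

SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT

# Constructed sample records: three events; the PATH record of event 1001 is
# written after event 1002 to show why the records are sorted by serial first.
cat > "$SAMPLE_LOG" <<'EOF'
type=SYSCALL msg=audit(1145390000.412:1001): arch=c000003e syscall=2 success=yes exit=3 items=1 pid=2345 auid=500 uid=0 comm="cat" exe="/bin/cat"
type=CWD msg=audit(1145390000.412:1001):  cwd="/root"
type=USER_LOGIN msg=audit(1145404800.123:1002): user pid=2400 uid=0 auid=500 msg='acct="scott": exe="/usr/sbin/sshd" res=success'
type=PATH msg=audit(1145390000.412:1001): item=0 name="/etc/shadow" inode=131094 dev=08:01 mode=0100400 ouid=0 ogid=0
type=SYSCALL msg=audit(1145494800.007:1003): arch=c000003e syscall=59 success=yes exit=0 items=1 pid=2500 auid=500 uid=500 comm="ls" exe="/bin/ls"
type=PATH msg=audit(1145494800.007:1003): item=0 name="/bin/ls" inode=65 dev=08:01 mode=0100755 ouid=0 ogid=0
EOF

# Order records by event serial; the input line number is a second key so the
# records of one event keep their arrival order (SYSCALL, CWD, PATH ...).
audit_sort_by_serial() {
  awk '{
    for (i = 1; i <= NF; i++) if ($i ~ /^msg=audit\(/) break
    if (i > NF || !match($i, /:[0-9]+\)/)) next   # no event id: not an audit record
    print substr($i, RSTART + 1, RLENGTH - 2) "\t" NR "\t" $0
  }' "$1" | sort -n -k1,1 -k2,2 | cut -f3-
}

# One line per event: the msg=audit(...) key first, then every other field of
# every record belonging to that event, so grep/sort/cut see a whole event.
audit_one_line_per_event() {
  audit_sort_by_serial "$1" | awk '{
    for (k = 1; k <= NF; k++) if ($k ~ /^msg=audit\(/) break
    if ($k != last) {                 # new event: terminate the previous line
      if (last != "") printf "\n"
      printf "%s", $k
      last = $k
    }
    for (i = 1; i <= NF; i++) if (i != k) printf " %s", $i
  }
  END { if (last != "") printf "\n" }'
}

# Print "<first epoch> <last epoch>" seen in the msg=audit(...) fields of a log.
audit_epoch_range() {
  awk '{
    for (k = 1; k <= NF; k++) if ($k ~ /^msg=audit\(/) break
    if (k > NF || !match($k, /audit\([0-9]+/)) next
    t = substr($k, RSTART + 6, RLENGTH - 6) + 0     # skip the 6 chars of "audit("
    if (first == "" || t < first) first = t
    if (t > last) last = t
  }
  END { if (first != "") print first, last }' "$1"
}

# Epoch seconds to YYYYMMDD (UTC); GNU date first, BSD date as the fallback.
epoch_to_ymd() {
  date -u -d "@$1" +%Y%m%d 2>/dev/null || date -u -r "$1" +%Y%m%d
}

# Archive name reflecting the data the file actually holds, e.g. for a copy of
# audit.log.1 instead of keeping the rotation number as its only label.
audit_archive_name() {
  range=$(audit_epoch_range "$1")
  set -- $range
  printf 'audit-%s-%s.log\n' "$(epoch_to_ymd "$1")" "$(epoch_to_ymd "$2")"
}

audit_one_line_per_event "$SAMPLE_LOG"
audit_archive_name "$SAMPLE_LOG"
```

Run it against a real file with audit_one_line_per_event /var/log/audit/audit.log.1; the archive name is derived from the data, so it stays correct even when auditd rotated at an odd moment or a file was carried over from another host. Timestamps are taken from the records themselves, not from the file's mtime, which is the value that survives copying.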