audit rotate question
LC Bruzenak
lenny at magitekltd.com
Wed May 20 18:37:01 UTC 2009
If I do a "service auditd rotate" it just sends the auditd the USR1
signal which means "start the rotation".
On a slow/burdened machine with many files this is not immediate.
I am trying to run a cron job which will :
mkdir /var/log/audit-archive/
service auditd rotate
mv /var/log/audit/audit.log.* /var/log/audit-archive/
But the files listed are not through rotating so it has issues (file not
found, leaves behind the last one rotated - audit.log.1, etc.).
How can I tell when the rotate is complete so I can move the files out?
I'm sure there is a simple way but I cannot see it.
Thx,
LCB.
--
LC (Lenny) Bruzenak
lenny at magitekltd.com
More information about the Linux-audit
mailing list