Log rotation and client disconnects

rshaw1 at umbc.edu
Thu Aug 12 15:16:51 UTC 2010


> On Thursday, August 12, 2010 10:02:29 am rshaw1 at umbc.edu wrote:
>> I've discovered the issue since I sent it, anyway.  If num_logs is set to
>> 0, auditd will ignore explicit requests to rotate the logs.  I guess this
>> may be intentional, but it's unfortunate as num_logs caps at 99 and I need
>> to keep 365 of them.
>
> Have you looked at the keep_logs option for max_log_file_action?

I did, but the man page states that keep_logs is similar to rotate, so it
sounds like if I used this option, it would still rotate the log file if
it went above the max_log_file size, which I don't want to happen.  I
suppose I could just set max_log_file to 99999 or something (if that's
supported).  Typically, uncompressed log files for ~400 clients on the
central server end up being around 3-4Gb.

Thanks for all the help so far; I think I'm almost there.

--Ray



