audit log not being rotated
Daniel J Walsh
dwalsh at redhat.com
Tue Sep 7 14:55:18 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 09/04/2010 02:30 PM, Mike Williams wrote:
> On Sat, Sep 4, 2010 at 1:52 PM, Dominick Grift <domg472 at gmail.com> wrote:
>
>> On Sat, Sep 04, 2010 at 01:24:33PM -0400, Mike Williams wrote:
>>>
>>> Any idea why one box out of three would behave differently? It is a
>>> worrisome difference.
>>
>> Audit does not use logrotate to rotate logs. I think it does that itself.
>> See /etc/audit/auditd.conf
>> Also the log can be rotated by running the auditd rc script: service auditd
>> rotate
>>
>>
> After lots of digging and, confirmed by your response, I now realize that
> logrotate is not being used. The cron file I mentioned uses the command you
> mentioned (service auditd rotate) to rotate the logs.
>
> I just compared /etc/auditd.conf and /etc/audit.rules on the system that was
> not rotating logs with one of the ones that has been rotating audit.log and
> they are identical.
>
> So, for me, my original question remains a puzzle. Why did it just work on
> two out of three boxes, but require adding a cron job to do "service auditd
> rotate" on the the third. Murphy's Law is in force here, the system that
> has not been rotating the logs is the one that is the most important, at
> least in terms of the number of people who use it.
>
> Mainly I'm concerned about what will happen on the update to f14, since the
> misbehaving system is now fixed.
>
> Mike
>
>
>
>
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
I would ask on the audit list.linux-audit at redhat.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkyGUlYACgkQrlYvE4MpobO2PgCbBarqt+aP+DFjo8/1IjwyY4sr
xfMAoL3zY1LvfoKNQtguhD5CGcLHxiUU
=kKWv
-----END PGP SIGNATURE-----
More information about the Linux-audit
mailing list