audit log not being rotated
Steve Grubb
sgrubb at redhat.com
Tue Sep 7 19:40:33 UTC 2010
On Tuesday, September 07, 2010 10:55:18 am Daniel J Walsh wrote:
> > So, for me, my original question remains a puzzle. Why did it just work
> > on two out of three boxes, but require adding a cron job to do "service
> > auditd rotate" on the the third. Murphy's Law is in force here, the
> > system that has not been rotating the logs is the one that is the most
> > important, at least in terms of the number of people who use it.
There is no telling without access to your system. This is not a known bug in
the audit system that is similar to what is described. So I would expect
another explanation. Perhaps the other systems have enough events that the
audit system is rotating the logs. The audit system rotates based on log size
and not time of day.
Logrotate has never been configured to do log rotation for the audit system
because of conflicting requirements of the audit daemon needing to take special
actions based on disk full and other errors vs simple rotation.
-Steve
More information about the Linux-audit
mailing list