Logrotate and Audit Log Rotation
Paul Whitney
paul.whitney at mac.com
Wed Nov 14 12:52:31 UTC 2012
On RHEL 6 I am able to use the logrotate facility and compress logs using bzip2. However, when I try to use a similar method on RHEL 5, the auditd service fails to restart after the logrotate service rotates and compresses the rotated log file.
I found a post by Steve Grubb posted on 29 JUN 2011:
"Logrotate should not directly rotate the audit logs. I don't supply a logrotate
configuration, but if I did it would call service auditd rotate so that auditd performs
the action. The audit daemon has to fulfill certain service guarantees that logrotate
does not care about. For example, if the audit disk partition gets full, auditd can
take the system down. Logrotate never will. So, you have to let auditd do its own
thing or you will have some issues."
Is this still the case?
Paul M. Whitney
paul.whitney at icloud.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20121114/945dda7b/attachment.htm>
More information about the Linux-audit
mailing list