audit.log with logrotate on CentOS

Warron S French warron.s.french at aero.org
Thu May 26 15:29:38 UTC 2016


Hello, I am using CentOS-6.7 and I have implemented the audispatch configurations and they are working pretty nicely.

One of the requirements I have to satisfy, somehow, is 7 years retention of log data. That is an enormous amount of data to store on the /var/log/audit filesystem - even for a single server and 6 workstations combined. I have a 2.0TB sized filesystem in place already - but it won't be enough to satisfy the retention of 7 years of data.

So, my plan is a tiered approach to managing the log files, if someone could please advise on how best to implement the following:

1. Rotate log files every single Monday morning at 12:01am.
2. When I rotate them, place the dateext extension (for example 20160523) to indicate all data is up to that date extension.
3. When I rotate them, I also want to bzip2 compress them (I have the binaries on the server).
4. Only keep at most 15 of those rotated (date-string extension applied) compressed files so that I can once a month take over a DVD burner and burn the files to DVD; however, I want to ensure that the files never grow any larger than the size of a normal (not dual-layer) DVD media, which is typically 4.70GB (so I am estimating a 4.0GB limitation); that is after rotation and compression.

Can someone help me figure out how to most appropriately (and, more importantly, successfully) implement this configuration?

Warron French, MBA, SCSA