Use logrotate for audit logs?

Ryan Sawhill rsawhill at redhat.com
Thu Oct 20 14:15:53 UTC 2016


On Thu, Oct 20, 2016 at 7:32 AM, leam hall <leamhall at gmail.com> wrote:

> In this case, Steve talks about the system being taken down due to audit
> logs filling up the volumes. When that's not the best idea for a server, it
> looks like logrotate is a better choice.


No. You misunderstand.
auditd CAN be configured to take the system down when there's no more space
for audit logs; it does not do this by default. (See auditd.conf's various
*_action directives, e.g., disk_full_action.) There is IMHO very little
reason to switch to using logrotate. Please check out `man auditd.conf`.
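
Added example, not part of the original message or of the audit project's own code: a short Python check that reads the *_action directives in auditd.conf and reports which of them are set to stop the system (SINGLE or HALT), and whether auditd is already rotating its own logs through max_log_file_action = ROTATE. The configuration text is a constructed sample and the function names are illustrative.

```python
import re
import sys

# Values that stop the machine, per auditd.conf(5): SINGLE drops to
# single-user mode, HALT shuts the system down.
STOPS_SYSTEM = {"SINGLE", "HALT"}

# Constructed sample for illustration, not taken from a real host.
SAMPLE_CONF = """\
# constructed sample auditd.conf
log_file = /var/log/audit/audit.log
max_log_file = 8
num_logs = 5
max_log_file_action = ROTATE
space_left_action = SYSLOG
admin_space_left_action = SUSPEND
disk_full_action = HALT
disk_error_action = SUSPEND
"""

def parse_actions(text):
    """Return {directive: VALUE} for every *_action line in auditd.conf text."""
    actions = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # First token only, so "EXEC /path/to/script" is recorded as EXEC.
        m = re.match(r"(\w+_action)\s*=\s*(\S+)", line, re.IGNORECASE)
        if m:
            # Normalise case so the comparison below is uniform.
            actions[m.group(1).lower()] = m.group(2).upper()
    return actions

def review(text):
    """Return (directives that stop the system, True if auditd self-rotates)."""
    actions = parse_actions(text)
    stoppers = sorted(k for k, v in actions.items() if v in STOPS_SYSTEM)
    self_rotating = actions.get("max_log_file_action") == "ROTATE"
    return stoppers, self_rotating

if __name__ == "__main__":
    # Pass a path (e.g. /etc/audit/auditd.conf) or fall back to the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    stoppers, self_rotating = review(text)
    print("directives that stop the system:", stoppers or "none")
    print("auditd rotates its own logs:", self_rotating)
```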