run script after auditd rotates logs
Burn Alting
burn.alting at iinet.net.au
Sun Mar 19 01:25:46 UTC 2023
Ed,
One indirect way of achieving this is to author a script that - sends SIGUSR1 to
the auditd process (which causes auditd to immediately rotate the logs. It will
consult the max_log_file_action to see if it should keep the logs or not.) - do
whatever you need to do with the rolled over audit.log files
Clearly you only have access to the rolled over log files (given that's what you
want).
Rgds
On Sat, 2023-03-18 at 14:36 +0000, Christiansen, Edward - 0992 - MITLL wrote:
> I would like to know if there is a way to tell auditd to run a script or command
> after it rotates its logs. I can do this with logrotate, but would much prefer
> something native to auditd. I spent some toime with Google and found only
> logrotate solutions.
> Thanks,
> Ed ChristiansenMillstone Hill SysAdmin--Linux-audit mailing
> listLinux-audit at redhat.com
> https://listman.redhat.com/mailman/listinfo/linux-audit
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20230319/8dec3fe5/attachment.htm>
More information about the Linux-audit
mailing list