run script after auditd rotates logs

Christiansen, Edward - 0992 - MITLL edwardc at ll.mit.edu
Mon Mar 20 13:04:12 UTC 2023


Thanks.  This is definitely the info I was looking for.



From: Burn Alting <burn.alting at iinet.net.au>
Sent: Saturday, March 18, 2023 9:26 PM
To: Christiansen, Edward - 0992 - MITLL <edwardc at ll.mit.edu>; 
linux-audit at redhat.com
Subject: Re: run script after auditd rotates logs



Ed,



One indirect way of achieving this is to author a script that

- sends SIGUSR1 to the auditd process (which causes auditd to immediately 
rotate the logs. It will consult the max_log_file_action to see if it should 
keep the logs or not.)

- do whatever you need to do with the rolled over audit.log files



Clearly you only have access to the rolled over log files (given that's what 
you want).



Rgds





On Sat, 2023-03-18 at 14:36 +0000, Christiansen, Edward - 0992 - MITLL wrote:

I would like to know if there is a way to tell auditd to run a script or
command after it rotates its logs.  I can do this with logrotate, but would
much prefer something native to auditd.  I spent some time with Google and
found only logrotate solutions.

Thanks,

Ed Christiansen
Millstone Hill SysAdmin
--
Linux-audit mailing list

Linux-audit at redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit
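
The approach Burn describes in the thread above, as an added example that is not part of the original messages: send SIGUSR1 to auditd, wait until the rotation has actually happened, then work on the rolled-over file. It assumes the default log path /var/log/audit/audit.log, that rotation renames the live log to audit.log.1, and that GNU stat and pidof are available; all function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): force an auditd rotation, wait until it
# has happened, then process the file that was just rolled over.
# Assumptions: default log path, rotation renames the live log to <log>.1,
# GNU stat and pidof are available; all function names are hypothetical.

AUDIT_LOG="${AUDIT_LOG:-/var/log/audit/audit.log}"

# Inode of the live log; it changes once auditd renames the file and reopens.
log_inode() { stat -c %i "$1" 2>/dev/null; }

# Ask auditd to rotate now. Kept separate so it can be replaced in a test.
request_rotation() { kill -USR1 "$(pidof auditd)"; }

# rotate_and_wait LOG [TIMEOUT_SECONDS]
# kill returns before auditd acts on the signal, so poll for a new inode.
# Returns 0 when LOG.1 is ready, 1 if the signal failed, 2 on timeout.
rotate_and_wait() {
    raw_log="$1"; raw_timeout="${2:-10}"; raw_waited=0
    raw_before="$(log_inode "$raw_log")" || return 1
    request_rotation "$raw_log" || return 1
    while [ "$(log_inode "$raw_log")" = "$raw_before" ]; do
        [ "$raw_waited" -ge "$raw_timeout" ] && return 2
        sleep 1
        raw_waited=$((raw_waited + 1))
    done
    [ -f "$raw_log.1" ]
}

# Stand-in for "whatever you need to do": record a digest of the rolled file.
process_rotated() { sha256sum "$1.1"; }

main() {
    rotate_and_wait "$AUDIT_LOG" 10 || { echo "no rotation" >&2; return 1; }
    process_rotated "$AUDIT_LOG"
}

# Only act when called with --run, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then main; fi
```

The timeout return code distinguishes "auditd did not rotate" from "signal could not be sent", so a scheduled job can alert on either instead of silently processing a stale audit.log.1.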




