[rhn-users] Is anything supposed to clean up /var/log/audit.d?

Sterling, James A james.a.sterling at boeing.com
Thu Jan 27 18:25:15 UTC 2005 

And a small "gotyou" that I have run into with SuN and Linux RH is
having to stop the audit to clean the audit output files 

I have a simple cron job that stops audit; moves and compresses the data
files then restarts auditd

When audit is running it does NOT seem to like having its data files
worked on.. 

Hope this helps

jasiii 


>James A. Sterling III
>
>Integrated Labs                     
>610-591-6450 Voice
>610-591-3456 Fax
>610-319-1518 Pager
>
>Pager Web Site
>   http://www.arch.com/message/ 
>   Pin # 6103191518
>
>Boeing Defense & Space Group
>Information Support Services
>PO Box 33126
>MS P38/62
>Philadelphia, PA 19142-0126
>james.a.sterling at boeing.com
>

-----Original Message-----
From: Geoff Sweet [mailto:Geoff.Sweet at wildtangent.com] 
Sent: Thursday, January 27, 2005 1:21 PM
To: Red Hat Network Users List
Subject: RE: [rhn-users] Is anything supposed to clean up
/var/log/audit.d?

You could just let logrotate take care of them.  Logrotate accepts
wildcards in lofile names for cases where an application say generates a
wide range of named files.  However we have a couple systems that
generate odd-ball logfiles.  In that case I just wrote a Perl script to
cleanse the directories of files older the X days.  I then run that from
cron.  You are welcome to the script if you like.  Let me know.

-Geoff Sweet 

-----Original Message-----
From: rhn-users-bounces at redhat.com [mailto:rhn-users-bounces at redhat.com]
On Behalf Of Rich Graves
Sent: Thursday, January 27, 2005 7:31 AM
To: rhn-users at redhat.com
Subject: [rhn-users] Is anything supposed to clean up /var/log/audit.d?

We have a system with over 15GB in /var/log/audit.d.

The LAuS auditd/audbin processes cooperate to rotate individual
logfiles, but there doesn't seem to be any system for removing old audit
files.

I think our approach is going to be to squelch entries for the known
process creating all the entries, but how do others deal with this?
--
Rich Graves <rcgraves at brandeis.edu>
UNet Systems Administrator

_______________________________________________
rhn-users mailing list
rhn-users at redhat.com
https://www.redhat.com/mailman/listinfo/rhn-users


_______________________________________________
rhn-users mailing list
rhn-users at redhat.com
https://www.redhat.com/mailman/listinfo/rhn-users

More information about the rhn-users mailing list