[rhn-users] Is anything supposed to clean up /var/log/audit.d?
GREG WOJTAK
GWOJTAK at salliemae.com
Fri Jan 28 14:57:07 UTC 2005
Why don't you just configure audit not to hold that much information?
The default in /etc/audit.d/audit.conf is 4 files of 20 MB each. Or am
I not understanding fully what you are asking?
Greg Wojtak
Unix Systems Administrator
Sallie Mae
(317) 598-4058
>>> cbeerse at lycos.nl 1/28/2005 9:50:41 AM >>>
Rich Graves wrote:
> We have a system with over 15GB in /var/log/audit.d.
>
> The LAuS auditd/audbin processes cooperate to rotate individual
logfiles,
> but there doesn't seem to be any system for removing old audit
files.
>
> I think our approach is going to be to squelch entries for the
> known process creating all the entries, but how do others deal with
this?
I just stopped audit (`/etc/init.d/audit stop` and `chkconfig audit
off`). That
gives me an other problem, some other services seem to depend on it.
I think there are 2 'best practices':
- remove audit from the system. This will also remove packages that
depend on it
and maybe have other implications.
- reconfigure audit to stop auditing.
If someone has success with one of these 2 steps (or an other idea to
avoid
filling /var/log/audit) please reply to the list, I think there are
more of us
who want to know.
CBee
_______________________________________________
rhn-users mailing list
rhn-users at redhat.com
https://www.redhat.com/mailman/listinfo/rhn-users
This E-Mail has been scanned for viruses.
More information about the rhn-users
mailing list