Rotate audit log?
Steve G
linux_4ever at yahoo.com
Sat Nov 5 13:20:38 UTC 2005
>Is there something other than the size of the logfile that can be used
>to cause the rotation? Would an RFE for a command to the deamon to cause
>a rotation be appropriate? How about something in the config file to
>tell it "daily" or similar?
OK. I thought about this problem. Keeping track of time and deciding when to
rotate is an ugly problem. What I decided to do is make sigusr1 force a rotation
of the logs.
I added a rotate command to the initscript so that you can do "service auditd
rotate". Then I created a small script that is stored in the docs directory,
/usr/share/doc/audit-1.0.10/auditd.cron, since I don't want it installed by
default. The script is intended to be used with cron so that you can force a
rotation at whatever is convenient - daily, weekly, every 12 hours.
I would also like to point out that if you are wanting to see what time ranges
are contained in the logs, you just run "aureport -t".
The changes are in audit-1.0.10-1 which is in rawhide. If there are no problems
reported with that release, I will roll it out for FC4 next week. Please let me
know if there are any problems with this scheme.
-Steve
__________________________________
Start your day with Yahoo! - Make it your home page!
http://www.yahoo.com/r/hs
More information about the selinux
mailing list