Rotate audit log?

Stephen J. Smoogen smooge at gmail.com
Wed Oct 26 15:16:03 UTC 2005


On 10/25/05, Steve G <linux_4ever at yahoo.com> wrote:
>
> >Is there something other than the size of the logfile that can be used
> >to cause the rotation?
>
> Not at this point. Would you need this to archive files or to reduce disk space
> consumption? I'm curious about what problem this would alleviate.
>

The problems I can see are:

1) A set policy of log rotation. One area I know of needs to be able
to rotate the logs every 24 hours so that they can be archived on a
special media.
2) The audit logs are huge and stick out as a visual eye popper if you
are looking in /var/log. The standard training for a sysadmin is to
look for files that are largers  than a certain size and look through
them for problems.
3) Some Incremental backup programs can go wonky on large text files.
This shows up a lot on remote backups where the backup is done via a
seek through the file to see where the changes are. [some of these
programs could use the minimal rsync algorithms..] but they seem to be
things that sites with policies have to work around versus getting a
fix.


--
Stephen J Smoogen.
CSIRT/Linux System Administrator




More information about the selinux mailing list