audit log not being rotated
Mike Williams
dmikewilliams at gmail.com
Sat Sep 4 18:30:21 UTC 2010
On Sat, Sep 4, 2010 at 1:52 PM, Dominick Grift <domg472 at gmail.com> wrote:
> On Sat, Sep 04, 2010 at 01:24:33PM -0400, Mike Williams wrote:
> >
> > Any idea why one box out of three would behave differently? It is a
> > worrisome difference.
>
> Audit does not use logrotate to rotate logs. I think it does that itself.
> See /etc/audit/auditd.conf
> Also the log can be rotated by running the auditd rc script: service auditd
> rotate
>
>
After lots of digging and, confirmed by your response, I now realize that
logrotate is not being used. The cron file I mentioned uses the command you
mentioned (service auditd rotate) to rotate the logs.
I just compared /etc/auditd.conf and /etc/audit.rules on the system that was
not rotating logs with one of the ones that has been rotating audit.log and
they are identical.
So, for me, my original question remains a puzzle. Why did it just work on
two out of three boxes, but require adding a cron job to do "service auditd
rotate" on the the third. Murphy's Law is in force here, the system that
has not been rotating the logs is the one that is the most important, at
least in terms of the number of people who use it.
Mainly I'm concerned about what will happen on the update to f14, since the
misbehaving system is now fixed.
Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/selinux/attachments/20100904/46d0cec8/attachment.html
More information about the selinux
mailing list