Change request: Increase the size of audit logs (on bastion)
Luke Macken
lmacken at redhat.com
Fri Nov 21 21:17:11 UTC 2008
The attached patch will allow the audit system to utilize 100mb for its
logs, as opposed to 20mb. Due to the sheer number of SELinux denials
that we're hitting on bastion (which will be resolved after a reboot,
and my patches from the previous mail), bastion is only storing 1-2 days
worth of audit logs.
This patch will only effect bastion, as it is currently the only machine
that is configured with 'include prelude::sensor::audisp'
luke
-------------- next part --------------
>From 6f3e644a09d15c659716f82e8af18b66d75517c1 Mon Sep 17 00:00:00 2001
From: Luke Macken <lmacken at redhat.com>
Date: Fri, 21 Nov 2008 21:11:50 +0000
Subject: [PATCH] Increase the audit log size from 20mb to 100mb.
diff --git a/modules/prelude/templates/auditd.conf.erb b/modules/prelude/templates/auditd.conf.erb
index 4e9d153..0c95f4a 100644
--- a/modules/prelude/templates/auditd.conf.erb
+++ b/modules/prelude/templates/auditd.conf.erb
@@ -8,12 +8,12 @@ log_group = sysadmin-noc
priority_boost = 4
flush = none
freq = 0
-num_logs = 4
+num_logs = 10
disp_qos = lossless
dispatcher = /sbin/audispd
name_format = numeric
#name = <%= hostname %>
-max_log_file = 5
+max_log_file = 10
max_log_file_action = ROTATE
space_left = 75
space_left_action = SYSLOG
--
1.5.5.1
More information about the Fedora-infrastructure-list
mailing list