[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Change request: Increase the size of audit logs (on bastion)

The attached patch will allow the audit system to utilize 100mb for its
logs, as opposed to 20mb.  Due to the sheer number of SELinux denials
that we're hitting on bastion (which will be resolved after a reboot,
and my patches from the previous mail), bastion is only storing 1-2 days
worth of audit logs.

This patch will only effect bastion, as it is currently the only machine
that is configured with 'include prelude::sensor::audisp'

>From 6f3e644a09d15c659716f82e8af18b66d75517c1 Mon Sep 17 00:00:00 2001
From: Luke Macken <lmacken redhat com>
Date: Fri, 21 Nov 2008 21:11:50 +0000
Subject: [PATCH] Increase the audit log size from 20mb to 100mb.

diff --git a/modules/prelude/templates/auditd.conf.erb b/modules/prelude/templates/auditd.conf.erb
index 4e9d153..0c95f4a 100644
--- a/modules/prelude/templates/auditd.conf.erb
+++ b/modules/prelude/templates/auditd.conf.erb
@@ -8,12 +8,12 @@ log_group = sysadmin-noc
 priority_boost = 4
 flush = none
 freq = 0
-num_logs = 4
+num_logs = 10
 disp_qos = lossless
 dispatcher = /sbin/audispd
 name_format = numeric
 #name = <%= hostname %>
-max_log_file = 5 
+max_log_file = 10
 max_log_file_action = ROTATE
 space_left = 75
 space_left_action = SYSLOG

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]