Q: audit log rotation.
The UnSeen
ian at south-border.com
Tue Apr 18 16:54:15 UTC 2006
Is there a way to dictate the format of naming convention of the rotated
logfiles to better reflect the date range of the data contained in the
file instead of simply audit.log.1, audit.log.2, etc? Something perhaps
defined in the /etc/auditd.conf file? I'm used to the BSM scheme
personally. It would make it easier to manage the files for archiving
purposes (IMHO).
Also, it would be nice (if it doesn't exist already) to have a way to do
audit reductions 1 event on a line instead of X lines for an event.
Ian
More information about the Linux-audit
mailing list