question

David Flatley dflatley at us.ibm.com
Fri Oct 31 18:21:12 UTC 2008


    If you would indulge my simpler-in-comparison question to the group: I
am setting up audit on heavy-usage systems. I have set up my auditd.conf to
rotate the files once they get to 70 meg and allow up to 12 rotated files. I
created a cron job that runs hourly to look and see if a ninth rotated file
exists and, if so, run "ausearch -i" with output to a file, store the file,
and then remove the rotated files. I run the cron job to avoid losing data if
there is a lot of activity and rotated files are rolled off. I also have to
balance performance with auditing in this arrangement.
   My question is: is there a better way to do this?
       Thanks.
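
The arrangement described in the message above, written out as a cron-driven shell function. This is an added example, not the poster's script: the function name, the `--run` switch and the archive directory are assumptions, and the `auditd.conf` values in the comment mirror the numbers given in the post.

```shell
#!/bin/sh
# Added example: hourly archiver for rotated auditd logs.
# auditd.conf settings matching the post's description:
#   max_log_file = 70
#   max_log_file_action = ROTATE
#   num_logs = 12
# Assumed paths: /var/log/audit (auditd default), hypothetical archive dir.

# archive_rotated LOG_DIR ARCHIVE_DIR THRESHOLD
# Returns 0 if there was nothing to do or every file was archived,
# 1 if any file could not be interpreted (that raw file is kept).
archive_rotated() {
    log_dir=$1 archive_dir=$2 threshold=$3

    # Do nothing until the THRESHOLD-th rotated file exists.
    [ -e "$log_dir/audit.log.$threshold" ] || return 0

    # Find the highest-numbered (oldest) rotated file present.
    n=$threshold
    while [ -e "$log_dir/audit.log.$((n + 1))" ]; do n=$((n + 1)); done

    out="$archive_dir/audit-$(date -u +%Y%m%dT%H%M%SZ).txt"
    # Create the archive owner-only; interpreted audit data is sensitive.
    ( umask 077; mkdir -p "$archive_dir" && : >> "$out" ) || return 1
    rc=0

    # Oldest first, so the interpreted output is in chronological order.
    while [ "$n" -ge 1 ]; do
        f="$log_dir/audit.log.$n"
        n=$((n - 1))
        [ -e "$f" ] || continue
        # Remove the raw log only after ausearch read it successfully.
        if ausearch -i -if "$f" >> "$out"; then
            rm -f -- "$f"
        else
            echo "archive_rotated: ausearch failed on $f, keeping it" >&2
            rc=1
        fi
    done
    return "$rc"
}

# From cron: <script> --run [LOG_DIR ARCHIVE_DIR THRESHOLD]
if [ "${1:-}" = "--run" ]; then
    archive_rotated "${2:-/var/log/audit}" "${3:-/var/log/audit-archive}" "${4:-9}"
fi
```

A rotated file that appears while the loop is running is left in place for the next hourly run, and the live `audit.log` is never touched.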