On 09/29/2016 04:34 PM, Burn Alting wrote:
Lenny, I typically use

    TZ=UTC ausearch -i --input-logs \
        --checkpoint <somepath>/auditd_checkpoint.txt

but I also set auditd.conf to have 9 x 32MB log files so the checkpoint code only scans the more recent files.
OK; thanks Burn. I store 20 x 100MB files; I need that many for my purposes. I'll be testing it again under controlled conditions; seems like what I need in one instance.
-- LC (Lenny) Bruzenak lenny magitekltd com