[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: ausearch checkpoint question



On 09/29/2016 04:34 PM, Burn Alting wrote:
Lenny,

I typically use

TZ=UTC ausearch -i --input-logs \
	--checkpoint <somepath>/auditd_checkpoint.txt

but I also set auditd.conf to have 9 x 32MB log files so the checkpoint
code only scans the more recent files.

OK; thanks Burn. I store 20 x 100MB files; I need that many for my purposes.
I'll be testing it again under controlled conditions; seems like what I need in one instance.

--
LC (Lenny) Bruzenak
lenny magitekltd com


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]