ausearch checkpoint question
LC Bruzenak
lenny at magitekltd.com
Mon Oct 3 19:14:46 UTC 2016
On 09/29/2016 04:34 PM, Burn Alting wrote:
> Lenny,
>
> I typically use
>
> TZ=UTC ausearch -i --input-logs \
> --checkpoint <somepath>/auditd_checkpoint.txt
>
> but I also set auditd.conf to have 9 x 32MB log files so the checkpoint
> code only scans the more recent files.
OK; thanks Burn. I store 20 x 100MB files; I need that many for my purposes.
I'll be testing it again under controlled conditions; seems like what I
need in one instance.
--
LC (Lenny) Bruzenak
lenny at magitekltd.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3805 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20161003/db2469f3/attachment.p7s>
More information about the Linux-audit
mailing list