* run script after auditd rotates logs
@ 2023-03-18 14:36 Christiansen, Edward - 0992 - MITLL
2023-03-19 1:25 ` Burn Alting
0 siblings, 1 reply; 3+ messages in thread
From: Christiansen, Edward - 0992 - MITLL @ 2023-03-18 14:36 UTC (permalink / raw)
To: linux-audit
[-- Attachment #1.1: Type: text/plain, Size: 310 bytes --]
I would like to know if there is a way to tell auditd to run a script or
command after it rotates its logs. I can do this with logrotate, but would
much prefer something native to auditd. I spent some toime with Google and
found only logrotate solutions.
Thanks,
Ed Christiansen
Millstone Hill SysAdmin
[-- Attachment #1.2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 5669 bytes --]
[-- Attachment #2: Type: text/plain, Size: 107 bytes --]
--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: run script after auditd rotates logs
2023-03-18 14:36 run script after auditd rotates logs Christiansen, Edward - 0992 - MITLL
@ 2023-03-19 1:25 ` Burn Alting
2023-03-20 13:04 ` Christiansen, Edward - 0992 - MITLL
0 siblings, 1 reply; 3+ messages in thread
From: Burn Alting @ 2023-03-19 1:25 UTC (permalink / raw)
To: Christiansen, Edward - 0992 - MITLL, linux-audit
[-- Attachment #1.1: Type: text/plain, Size: 903 bytes --]
Ed,
One indirect way of achieving this is to author a script that - sends SIGUSR1 to
the auditd process (which causes auditd to immediately rotate the logs. It will
consult the max_log_file_action to see if it should keep the logs or not.) - do
whatever you need to do with the rolled over audit.log files
Clearly you only have access to the rolled over log files (given that's what you
want).
Rgds
On Sat, 2023-03-18 at 14:36 +0000, Christiansen, Edward - 0992 - MITLL wrote:
> I would like to know if there is a way to tell auditd to run a script or command
> after it rotates its logs. I can do this with logrotate, but would much prefer
> something native to auditd. I spent some toime with Google and found only
> logrotate solutions.
> Thanks,
> Ed ChristiansenMillstone Hill SysAdmin--Linux-audit mailing
> listLinux-audit@redhat.com
> https://listman.redhat.com/mailman/listinfo/linux-audit
[-- Attachment #1.2: Type: text/html, Size: 1525 bytes --]
[-- Attachment #2: Type: text/plain, Size: 107 bytes --]
--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit
^ permalink raw reply [flat|nested] 3+ messages in thread
* RE: run script after auditd rotates logs
2023-03-19 1:25 ` Burn Alting
@ 2023-03-20 13:04 ` Christiansen, Edward - 0992 - MITLL
0 siblings, 0 replies; 3+ messages in thread
From: Christiansen, Edward - 0992 - MITLL @ 2023-03-20 13:04 UTC (permalink / raw)
To: burn, linux-audit
[-- Attachment #1.1.1: Type: text/plain, Size: 1330 bytes --]
Thanks. This is definitely the info I was looking for.
From: Burn Alting <burn.alting@iinet.net.au>
Sent: Saturday, March 18, 2023 9:26 PM
To: Christiansen, Edward - 0992 - MITLL <edwardc@ll.mit.edu>;
linux-audit@redhat.com
Subject: Re: run script after auditd rotates logs
Ed,
One indirect way of achieving this is to author a script that
- sends SIGUSR1 to the auditd process (which causes auditd to immediately
rotate the logs. It will consult the max_log_file_action to see if it should
keep the logs or not.)
- do whatever you need to do with the rolled over audit.log files
Clearly you only have access to the rolled over log files (given that's what
you want).
Rgds
On Sat, 2023-03-18 at 14:36 +0000, Christiansen, Edward - 0992 - MITLL wrote:
I would like to know if there is a way to tell auditd to run a script or
command after it rotates its logs. I can do this with logrotate, but would
much prefer something native to auditd. I spent some toime with Google and
found only logrotate solutions.
Thanks,
Ed Christiansen
Millstone Hill SysAdmin
--
Linux-audit mailing list
<mailto:Linux-audit@redhat.com>
Linux-audit@redhat.com <mailto:Linux-audit@redhat.com>
<https://listman.redhat.com/mailman/listinfo/linux-audit>
https://listman.redhat.com/mailman/listinfo/linux-audit
[-- Attachment #1.1.2: Type: text/html, Size: 7996 bytes --]
[-- Attachment #1.2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 5669 bytes --]
[-- Attachment #2: Type: text/plain, Size: 107 bytes --]
--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-03-20 13:04 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-03-18 14:36 run script after auditd rotates logs Christiansen, Edward - 0992 - MITLL
2023-03-19 1:25 ` Burn Alting
2023-03-20 13:04 ` Christiansen, Edward - 0992 - MITLL
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.