* Use logrotate for audit logs?
@ 2016-10-19 19:26 leam hall
2016-10-19 20:46 ` Simon Sekidde
0 siblings, 1 reply; 4+ messages in thread
From: leam hall @ 2016-10-19 19:26 UTC (permalink / raw)
To: linux-audit
[-- Attachment #1.1: Type: text/plain, Size: 182 bytes --]
Is there any reason to not use logrotate for audit logs on RHEL 6? We'd
like to keep them fresh and compressed.
Thanks!
Leam
--
Mind on a Mission <http://leamhall.blogspot.com/>
[-- Attachment #1.2: Type: text/html, Size: 397 bytes --]
[-- Attachment #2: Type: text/plain, Size: 0 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Use logrotate for audit logs?
2016-10-19 19:26 Use logrotate for audit logs? leam hall
@ 2016-10-19 20:46 ` Simon Sekidde
2016-10-20 11:32 ` leam hall
0 siblings, 1 reply; 4+ messages in thread
From: Simon Sekidde @ 2016-10-19 20:46 UTC (permalink / raw)
To: leam hall; +Cc: linux-audit
Hi Leam
----- Original Message -----
> From: "leam hall" <leamhall@gmail.com>
> To: linux-audit@redhat.com
> Sent: Wednesday, October 19, 2016 3:26:23 PM
> Subject: Use logrotate for audit logs?
>
> Is there any reason to not use logrotate for audit logs on RHEL 6? We'd like
> to keep them fresh and compressed.
>
This was discussed a while back
https://www.redhat.com/archives/linux-audit/2012-November/msg00008.html
> Thanks!
>
> Leam
>
> --
> Mind on a Mission
>
> --
> Linux-audit mailing list
> Linux-audit@redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
--
Simon Sekidde * Red Hat, Inc. * Tyson's Corner, VA
gpg: 5848 958E 73BA 04D3 7C06 F096 1BA1 2DBF 94BC 377E
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Use logrotate for audit logs?
2016-10-19 20:46 ` Simon Sekidde
@ 2016-10-20 11:32 ` leam hall
2016-10-20 14:15 ` Ryan Sawhill
0 siblings, 1 reply; 4+ messages in thread
From: leam hall @ 2016-10-20 11:32 UTC (permalink / raw)
To: linux-audit
[-- Attachment #1.1: Type: text/plain, Size: 1100 bytes --]
On Wed, Oct 19, 2016 at 4:46 PM, Simon Sekidde <ssekidde@redhat.com> wrote:
> Hi Leam
>
> ----- Original Message -----
> > From: "leam hall" <leamhall@gmail.com>
> > To: linux-audit@redhat.com
> > Sent: Wednesday, October 19, 2016 3:26:23 PM
> > Subject: Use logrotate for audit logs?
> >
> > Is there any reason to not use logrotate for audit logs on RHEL 6? We'd
> like
> > to keep them fresh and compressed.
> >
>
> This was discussed a while back
>
> https://www.redhat.com/archives/linux-audit/2012-November/msg00008.html
>
> > Thanks!
> >
> > Leam
> >
> > --
> > Mind on a Mission
> >
> > --
> > Linux-audit mailing list
> > Linux-audit@redhat.com
> > https://www.redhat.com/mailman/listinfo/linux-audit
>
> --
> Simon Sekidde * Red Hat, Inc. * Tyson's Corner, VA
> gpg: 5848 958E 73BA 04D3 7C06 F096 1BA1 2DBF 94BC 377E
>
>
Simon, thanks!
In this case, Steve talks about the system being taken down due to audit
logs filling up the volumes. When that's not the best idea for a server, it
looks like logrotate is a better choice.
Leam
--
Mind on a Mission <http://leamhall.blogspot.com/>
[-- Attachment #1.2: Type: text/html, Size: 2434 bytes --]
[-- Attachment #2: Type: text/plain, Size: 0 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Use logrotate for audit logs?
2016-10-20 11:32 ` leam hall
@ 2016-10-20 14:15 ` Ryan Sawhill
0 siblings, 0 replies; 4+ messages in thread
From: Ryan Sawhill @ 2016-10-20 14:15 UTC (permalink / raw)
To: leam hall; +Cc: linux-audit
[-- Attachment #1.1: Type: text/plain, Size: 589 bytes --]
On Thu, Oct 20, 2016 at 7:32 AM, leam hall <leamhall@gmail.com> wrote:
> In this case, Steve talks about the system being taken down due to audit
> logs filling up the volumes. When that's not the best idea for a server, it
> looks like logrotate is a better choice.
No. You misunderstand.
auditd CAN be configured to take the system down when there's no more space
for audit logs; it does not do this by default. (See auditd.conf's various
*_action directives, e.g., disk_full_action.) There is IMHO very little
reason to switch to using logrotate. Please check out `man auditd.conf`.
[-- Attachment #1.2: Type: text/html, Size: 921 bytes --]
[-- Attachment #2: Type: text/plain, Size: 0 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-10-20 14:16 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-10-19 19:26 Use logrotate for audit logs? leam hall
2016-10-19 20:46 ` Simon Sekidde
2016-10-20 11:32 ` leam hall
2016-10-20 14:15 ` Ryan Sawhill
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.