We want to keep all log files.&nbsp; This presents two problems, space and rotation time.<br>
<br>
To address space I want to compress the log files (bzip2).<br>
<br>
To address rotation time all I can think to do is not rotate and
instead use cron to periodically rename (with the date), and compress
the log file.<br>
<br>
My concern is how to safely get the existing logs and start from
scratch without potentially loosing log entries.&nbsp; If I copy the
log file and then use /dev/null to clear the existing file, then there
is a window between the cp and the /dev/null.&nbsp; If I move the file
will a HUP sent to auditd break the connection to the old logfile and
start a new one?<br>
<br>
Has anyone else done this?&nbsp; Is there a better option than the ones I've listed here?<br>
<br>
Thanks,<br>
-Mont<br>
<br>