RE: audit 0.6 release
--- "Browder, Tom" <Tom.Browder(a)fwb.srs.com> wrote:
Instead of the logrotate methodology, how about
letting auditd do it.
For my purposes I would like to see the audit logs
saved as something
like
'audit.log.2004m12hd01h0001s00CST_2004m12d04h1231s42CST'
(and g or
bzipped). So the auditd could save the time stamp
of the last log save,
and when full or at the next user desired time,
atomically save the
existing log and start a new one without missing a
message
The SGI audit daemon code I posted earlier does
this sort of management and log file naming.
=====
Casey Schaufler
casey(a)schaufler-ca.com
__________________________________
Do you Yahoo!?
Yahoo! Mail - Helps protect you from nasty viruses.
http://promotions.yahoo.com/new_mail