On 4/18/06, The UnSeen <ian(a)south-border.com> wrote:
Is there a way to dictate the format of naming convention of the rotated
logfiles to better reflect the date range of the data contained in the
file instead of simply audit.log.1, audit.log.2, etc? Something perhaps
defined in the /etc/auditd.conf file? I'm used to the BSM scheme
personally. It would make it easier to manage the files for archiving
purposes (IMHO).
Also, it would be nice (if it doesn't exist already) to have a way to do
audit reductions 1 event on a line instead of X lines for an event.
I think there is a set of patches to logrotate in Debian that allows
you to put your rotate format. We had an internal version that rotated
it as .YYYYMMDD for that. I remember there was a bugzilla to add this
for a long time...
Ian
--
Linux-audit mailing list
Linux-audit(a)redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
--
Stephen J Smoogen.
CSIRT/Linux System Administrator