Log rotation issue

Friday, 3 January 2014

    Run audit on dozens of systems but this one system (Red Hat 6.4 64 bit
server Audit 2..2.2 ) does a strange thing. We use "/sbin/service auditd
rotate" as part of a script that runs in /etc/cron.daily to do the audit
extractions. When the /etc/audit/audit.log is rotated, all the entries in
the log after rotation have their date as 12/31/1969 19:00. And on top of
this there is a bunch of audit entries. Reviewing the log and the entries
go along normally but when it does this date thing the log blows up in
size. This is the same audit config I run on all the other RHEL 6 systems.
My understanding is that when auditd rotates the logs that there should not
be any further entries in the rotated log. Thoughts?

David Flatley
"To err is human. To really screw up requires the root password." -UNKNOWN

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Log rotation issue