Is there a way to dictate the format of the naming convention of the rotated log files to better reflect the date range of the data contained in the file, instead of simply audit.log.1, audit.log.2, etc.? Something perhaps defined in the /etc/auditd.conf file? I'm used to the BSM scheme personally. It would make it easier to manage the files for archiving purposes (IMHO).
Also, it would be nice (if it doesn't exist already) to have a way to do audit reductions with 1 event on a line instead of X lines for an event.
Ian
