On 4/18/06, The UnSeen <[EMAIL PROTECTED]> wrote: > > Is there a way to dictate the format of naming convention of the rotated > logfiles to better reflect the date range of the data contained in the > file instead of simply audit.log.1, audit.log.2, etc? Something perhaps > defined in the /etc/auditd.conf file? I'm used to the BSM scheme > personally. It would make it easier to manage the files for archiving > purposes (IMHO). > > Also, it would be nice (if it doesn't exist already) to have a way to do > audit reductions 1 event on a line instead of X lines for an event.
I think there is a set of patches to logrotate in Debian that allows you to put your rotate format. We had an internal version that rotated it as .YYYYMMDD for that. I remember there was a bugzilla to add this for a long time... > > Ian > > > > > > -- > Linux-audit mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/linux-audit > -- Stephen J Smoogen. CSIRT/Linux System Administrator -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
