If I do a "service auditd rotate" it just sends the auditd the USR1 signal which means "start the rotation".
On a slow/burdened machine with many files this is not immediate. I am trying to run a cron job which will : mkdir /var/log/audit-archive/ service auditd rotate mv /var/log/audit/audit.log.* /var/log/audit-archive/ But the files listed are not through rotating so it has issues (file not found, leaves behind the last one rotated - audit.log.1, etc.). How can I tell when the rotate is complete so I can move the files out? I'm sure there is a simple way but I cannot see it. Thx, LCB. -- LC (Lenny) Bruzenak [email protected] -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
