On Thu, Oct 20, 2016 at 7:32 AM, leam hall <[email protected]> wrote:
> In this case, Steve talks about the system being taken down due to audit > logs filling up the volumes. When that's not the best idea for a server, it > looks like logrotate is a better choice. No. You misunderstand. auditd CAN be configured to take the system down when there's no more space for audit logs; it does not do this by default. (See auditd.conf's various *_action directives, e.g., disk_full_action.) There is IMHO very little reason to switch to using logrotate. Please check out `man auditd.conf`.
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
