Our audit.rules file is governed by requirements, so we cannot reduce the amount of log data being generated.
>logrotate can be configured nicely. First big step is looking at >what's going into the logs though. Are you logging at INFO level and >do you need that. I've seen that be 90% or more of the log entries. -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
