Recommended Way To Rotate Audit Log Files

What is the recommended approach to rotate the audit log files in /var/audit? I have one active (not terminated) audit file in this dir that just keeps getting bigger. I've read to add '/usr/sbin/audit -n' as a cron job for root in order to stop the audit process, create a new file then restart it. Then I simply move the older log files to a secure location? Any other recommendations? Running Solaris 10.


1 Solution
Brian Utterback, Principal Software Engineer, commented:
The easiest thing is to use logadm. Here is an example for audit files:

If you are using Solaris BSM, you can use the "audit -n" command to rotate audit logs. See "man audit" to learn more details.

You can also use cron to run a script to do the job.

Also have a look at the following pages:
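
The rotation discussed in this thread (close the active file with `audit -n` from root's cron, then move the closed files to a secure location), written out as a script. This is an added example, not code from the original posts; the function name `archive_terminated` and the destination `/var/audit_archive` are assumptions.

```shell
#!/bin/sh
# Added example: archive closed Solaris audit trail files, never the active one.
# Audit files are named <start>.<end>.<host>; the file auditd is still writing
# carries the literal end stamp "not_terminated".

# archive_terminated SRC DEST: move closed audit files from SRC to DEST.
# Prints the number of files moved.
archive_terminated() {
    src=$1
    dest=$2
    moved=0
    [ -d "$dest" ] || { mkdir -p "$dest" && chmod 700 "$dest"; } || return 1
    for f in "$src"/*; do
        [ -f "$f" ] || continue
        name=`basename "$f"`
        case $name in
            *.not_terminated.*) continue ;;   # active (or orphaned) file
            [0-9]*.[0-9]*.*) ;;               # closed: start.end.host
            *) continue ;;                    # not an audit trail file
        esac
        # Never overwrite a copy that is already archived.
        if [ -f "$dest/$name" ]; then
            echo "skip $name: already in $dest" >&2
            continue
        fi
        mv "$f" "$dest/$name" && chmod 400 "$dest/$name" && moved=`expr $moved + 1`
    done
    echo "$moved"
}

# Cron entry point (root): rotate_audit.sh run
# /var/audit_archive is a hypothetical destination; use your own secure location.
if [ "${1:-}" = "run" ]; then
    /usr/sbin/audit -n || exit 1
    # If the just-closed file has not been renamed yet, the next run picks it up.
    archive_terminated /var/audit /var/audit_archive
fi
```

Skipping `not_terminated` files means the script can run at any time without truncating the trail auditd is writing to.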