  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1317

Recommended Way To Rotate Audit Log Files

What is the recommended approach to rotate the audit log files in /var/audit? I have one active (not terminated) audit file in this dir that just keeps getting bigger. I've read to add '/usr/sbin/audit -n' as a cron job for root in order to stop the audit process, create a new file, then restart it. Then I simply move the older log files to a secure location? Any other recommendations? Running Solaris 10.

Thanks

0
Asked by: IT_Telephonics
1 Solution
 
Brian Utterback, Principle Software Engineer, commented:
The easiest thing is to use logadm. Here is an example for audit files:

http://otoh.org/xwiki/bin/view/Blog/2008-08-29-audit-logadm
0
 
yuzh commented:
If you are using Solaris BSM, you can use the "audit -n" command to rotate audit logs. See
man audit
to learn more details.

You can also use cron to run a script to do the job.

Also have a look at the following pages:
http://download.oracle.com/docs/cd/E19227-01/820-7253/enablingusingbsmauditing/index.html
http://www.sabernet.net/papers/Solaris.html
0
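
The cron-driven approach from the question and from yuzh's answer, sketched as an added example (not code from either poster): it runs `audit -n`, then moves only closed audit files to an archive directory and makes them read-only. The archive path and function names are assumptions; the script relies on closed files being named `start.end.host` and the active one `start.not_terminated.host`, and it uses POSIX shell syntax, so on Solaris 10 run it with `/usr/xpg4/bin/sh` or ksh rather than `/bin/sh`.

```shell
#!/usr/xpg4/bin/sh
# Added example: rotate the Solaris BSM audit trail, then archive closed files.
# Assumed (not from the thread): ARCHIVE_DIR location and the function names.

AUDIT_DIR=${AUDIT_DIR:-/var/audit}
ARCHIVE_DIR=${ARCHIVE_DIR:-/var/audit-archive}   # hypothetical secure location
ROTATE_CMD=${ROTATE_CMD:-"/usr/sbin/audit -n"}   # command quoted in the question

# Ask the audit daemon to close the current file and open a new one.
rotate_audit() {
    $ROTATE_CMD
}

# Move every closed audit file from $1 to $2 and print how many were moved.
# The active file (*.not_terminated.*) and unrelated files are left in place.
archive_closed() {
    src=$1; dst=$2; moved=0
    mkdir -p "$dst" && chmod 700 "$dst" || return 1
    for f in "$src"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        case "$name" in
            *.not_terminated.*) continue ;;   # still being written by auditd
            [0-9]*.[0-9]*.*) ;;               # closed file: start.end.host
            *) continue ;;                    # not an audit trail file
        esac
        # Archive copies are read-only so they cannot be edited in place.
        mv "$f" "$dst/" && chmod 400 "$dst/$name" || return 1
        moved=$((moved + 1))
    done
    echo "$moved"
}

# Entry point for root's crontab: rotate first, then archive what was closed.
rotate_and_archive() {
    rotate_audit || return 1
    archive_closed "$AUDIT_DIR" "$ARCHIVE_DIR"
}
```

Call `rotate_and_archive` from a small wrapper in root's crontab; keeping the archive directory on a separate filesystem stops audit growth from filling /var.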
