<div>
Regrets for answering a question with a question, but it begs the obvious: &nbsp;consider moving the logs periodically onto off-line storage (such as tape) rather than wasting primary resources. &nbsp;And, under what conditions would you be called upon to review a year old log?<br />
<br />
This is not my field so this link may not be useful, but consider <a href="https://www.experts-exchange.com/questions/27654713/TSM-Client-retention-backups-for-1-year-retention.html" rel="ugc">https://www.experts-exchange.com/questions/27654713/TSM-Client-retention-backups-for-1-year-retention.html</a>.
</div>


Regrets for answering a question with a question, but it begs the obvious:  consider moving the logs periodically onto off-line storage (such as tape) rather than wasting primary resources.  And, under what conditions would you be called upon to review a year old log?

This is not my field so this link may not be useful, but consider https://www.experts-exchange.com/questions/27654713/TSM-Client-retention-backups-for-1-year-retention.html [https://www.experts-exchange.com/questions/27654713/TSM-Client-retention-backups-for-1-year-retention.html].

<div>
There is no tape drive or external storage device available. &nbsp;Review of logs may become necessary in case of security breach, system malfunction, etc.
</div>


There is no tape drive or external storage device available.  Review of logs may become necessary in case of security breach, system malfunction, etc.

<div>
<div class="content wysiwyg-content">
What changes should I make to the auditd.conf in order to retain audit logs for one year? &nbsp;System is Centos 6.2. &nbsp;Should I change the &quot;max_log_file = SIZE&quot;? &nbsp;What about &quot;max_log_file_action = keep_logs&quot;? Does this keep logs indefinitely?
</div>
</div>


What changes should I make to the auditd.conf in order to retain audit logs for one year?  System is Centos 6.2.  Should I change the "max_log_file = SIZE"?  What about "max_log_file_action = keep_logs"? Does this keep logs indefinitely?

Audit Log Retention for One Year

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be removed, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted.

Linux Security

Linux is a UNIX-like open source operating system with hundreds of distinct distributions, including: Fedora, openSUSE, Ubuntu, Debian, Slackware, Gentoo, CentOS, and Arch Linux. Linux is generally associated with web and database servers, but has become popular in many niche industries and applications.