On Wed, 26 Oct 2005, Stephen J. Smoogen wrote:
On 10/25/05, Steve G <linux_4ever@xxxxxxxxx> wrote:
Is there something other than the size of the logfile that can be used
to cause the rotation?
Not at this point. Would you need this to archive files or to reduce disk space
consumption? I'm curious about what problem this would alleviate.
The problems I can see are:
1) A set policy of log rotation. One area I know of needs to be able
to rotate the logs every 24 hours so that they can be archived on a
special media.
2) The audit logs are huge and stick out as a visual eye popper if you
are looking in /var/log. The standard training for a sysadmin is to
look for files that are largers than a certain size and look through
them for problems.
The "principle of least surprise" would seem to dictate that audit log
rotation follow the standard policy for logrotate, rotating nightly or
weekly. The failure of audit.log to follow that policy is what prompted
my question in the first place.
3) Some Incremental backup programs can go wonky on large text files.
This shows up a lot on remote backups where the backup is done via a
seek through the file to see where the changes are. [some of these
programs could use the minimal rsync algorithms..] but they seem to be
things that sites with policies have to work around versus getting a
fix.
--
Stephen J Smoogen.
CSIRT/Linux System Administrator
--
Matthew Saltzman
Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
