On Sat, Sep 04, 2010 at 01:24:33PM -0400, Mike Williams wrote: > Hi there. I have three systems running f13 and on one of those systems > audit.log has not been rotated since July 20 when the system was first > brought up with f13. > > After some digging I found a reference to a file that can be run as a cron > job to cause the log file to be rotated. > (/usr/share/doc/audit-2.0.4/auditd.cron) > > The two systems on which rotating the logs has been working are both in > enforcing mode, the one that has not been rotating the log has enforcing=0 > > I do not remember doing anything else different as far as selinux goes on > these three boxes. Could not find any reference to audit.log in > /etc/logrotate.conf /etc/logrotate.d/* /etc/cron.daily/* or > /etc/cron.weekly/* on any of the systems. > > Any idea why one box out of three would behave differently? It is a > worrisome difference. > > Currently running the 2.6.34.6-47.fc13.i686.PAE kernel on the non-rotating > system and one of the two others. But the behavior has not changed from the > initial installation through all of the updates since then. All three > systems are have 2.0.4-3.fc13 of audit, audit-libs and audit-libs-python > installed. > > BTW - great work on SELinux! It has improved a great deal over the past > five years. The only reason I have one box in permissive mode is because it > is running TWiki and I have not found time to make the changes needed to get > selinux and twiki to play nice together. Audit does not use logrotate to rotate logs. I think it does that itself. See /etc/audit/auditd.conf Also the log can be rotated by running the auditd rc script: service auditd rotate > > Thanks, > > Mike > -- > selinux mailing list > selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux
Attachment:
pgp0ZKMzorxZB.pgp
Description: PGP signature
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
