audit.log file rotation

UNIX AIX
1

Hi guys,

I've googled this quite a bit, and tried searching on these forums, but haven't found a solution to my problem. I wanted to inquire about AIX's audit subsystem - more specifically, how to rotate its log file.

So far I've been able to find how to rotate AIX syslog log files, and I found some cronlog info, but neither helps me with audit.log. Does AIX have a way of automatically rotating this file once it reaches a certain size? I really want to avoid having to write a script to monitor the files, rename them and restart audit, but I'll do it if it comes down to it. Any info will be greatly appreciated.

Thanks in advance :slight_smile:
Pedro

ps. in case it might help, this is my config:

/etc/security/audit/config:

start:
        binmode = on
        streammode = off

bin:
        trail = /audit/trail
        bin1 = /audit/bin1
        bin2 = /audit/bin2
        binsize = 4096
        cmds = /etc/security/audit/bincmds
        freespace = 65536

stream:
        cmds = /etc/security/audit/streamcmds

/etc/security/audit/bincmds:

/usr/sbin/auditcat -p -o $trail $bin
/usr/sbin/auditpr -v < $trail > /audit/audit.log
2

I am not into auditing but I found this, I hope it helps. They talk about maxsize of auditing log etc.
IBM Cluster information center

Also found this:
auditlog(ADM)

3

Thanks for the links. :slight_smile:

However, I had to put in log rotation into my script, as I couldn't find something to do it for me. Basically, my code does the appropriate moving of files, then does "audit shutdown" and "audit start". Not pretty, but it works. Oh well. ;|

Thanks again dude. Have a good weekend. :slight_smile: