Hi all,
I enabled audit on my server and it is working fine. Now I want to delete old logs from the audit file; please find a solution for it.
Regards,
spandan
Which O/S do you have?
Forum topic is Sun Solaris, seems likely that's the OS the O/P is using?
I wasn't going to try and answer this one as I'm not that familiar with audit, but now the thread is no longer in 'unanswered' state, I'll have a go.
You can use audit -n to trigger the creation of a new audit file, the old one can then be archived/deleted/whatever as you please.
A suitable logadm.conf line to handle this would be:
/var/log/audit -C 52 -N -b '/usr/sbin/audit -n' -t '$file.$n' -z 2
This will keep a year's audit logs, leaving the most recent two uncompressed.
Or of course, just cron if you don't need to clean up old files that way.
I can't remember the actual location of the audit log file, so you'll need to tweak it a bit.
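For the cron route mentioned in the reply above, here is an added example (not from any poster in this thread) of a script that closes the current audit file with `audit -n` and then prunes only closed files, never the active one. It assumes the Solaris audit file naming `<start>.<end>.<host>` for closed files and `<start>.not_terminated.<host>` for the active file; the `/var/audit` default, the `--run` switch and the function names are assumptions of this example, and the keep count of 52 mirrors the `-C 52` in the logadm line.

```shell
#!/bin/sh
# Added example: retention for Solaris audit files, meant to be run from cron.
# Assumed naming inside the audit directory:
#   closed: <start>.<end>.<host>            e.g. 20240101000000.20240108000000.host1
#   active: <start>.not_terminated.<host>   (still being written by auditd)

# list_closed DIR: print the names of closed audit files, oldest first.
# Names start with a timestamp, so a plain sort is chronological.
list_closed() {
    for p in "$1"/*; do
        f=${p##*/}
        case $f in
            *.not_terminated.*) ;;             # active file: never touch
            [0-9]*.[0-9]*.*) echo "$f" ;;      # closed audit file
        esac                                   # anything else is ignored
    done | sort
}

# prune_closed DIR KEEP: delete all but the newest KEEP closed audit files.
prune_closed() {
    dir=$1
    keep=$2
    total=$(list_closed "$dir" | wc -l)
    excess=$((total - keep))
    [ "$excess" -gt 0 ] || return 0
    list_closed "$dir" | head -n "$excess" | while read -r f; do
        rm -f -- "$dir/$f" && echo "removed $f"
    done
}

# Only act when called as: script --run   (so sourcing it has no side effects)
if [ "${1:-}" = "--run" ]; then
    # Close the current audit file first, then prune the closed ones.
    /usr/sbin/audit -n && prune_closed "${AUDIT_DIR:-/var/audit}" "${KEEP:-52}"
fi
```

Archive the closed files somewhere else before pruning if your retention policy requires the records to be kept.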