linux-audit / audit-userspace

Linux audit userspace repository
GNU General Public License v2.0

Support for rotated auditd log file with timestamp and compression #400

Open SHWETHABHAT1 opened 5 days ago

SHWETHABHAT1 commented 5 days ago

NOTE: Please refer to the Reporting Bug and Requesting Features wiki page before creating any new GitHub issues.

Currently the audit.log files are rotated based on the max_log_file and num_logs. The current audit log file is named audit.log and the rotated logs are audit.log.1, audit.log.2, and so on.

1) Is there any support available or is it possible to have audit.log with a timestamp embedded in the log file name? I tried using the log_file parameter to somehow support this, but it wasn't working. i.e., instead of audit.log.1 ==> audit.log.23092024

2) Is there any support available to compress the rotated audit.log?

Any help would be appreciated.

@stevegrubb

Cropi commented 4 days ago

Hello,

> NOTE: Please refer to the Reporting Bug and Requesting Features wiki page before creating any new GitHub issues.
>
> Currently the audit.log files are rotated based on the max_log_file and num_logs. The current audit log file is named audit.log and the rotated logs are audit.log.1, audit.log.2, and so on.
>
> 1. Is there any support available or is it possible to have audit.log with a timestamp embedded in the log file name? I tried using the log_file parameter to somehow support this, but it wasn't working.
>    i.e., instead of audit.log.1 ==> audit.log.23092024

In the audit roadmap, there are no plans for this, see https://github.com/linux-audit/audit-userspace/issues/297 . There are some workarounds though.

> 2. Is there any support available to compress the rotated audit.log?

There is no support, see https://github.com/linux-audit/audit-userspace/issues/299 .

> Any help would be appreciated.
>
> @stevegrubb

Hope it helps.
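
One possible external workaround for both questions, as an added example (not code from the audit project, and not necessarily what issues #297 or #299 describe): a shell function, run from cron after auditd has rotated, that compresses each numbered rotation and renames it to the audit.log.23092024 style asked for above. The function name `archive_rotated` and the `STAMP_FMT` variable are hypothetical; GNU `date -r FILE` and `gzip` are assumed.

```shell
#!/bin/sh
# Added example: archive auditd's numbered rotations as audit.log.<stamp>.gz.
# archive_rotated and STAMP_FMT are names made up for this sketch; they are
# not auditd settings. Intended call: archive_rotated /var/log/audit

archive_rotated() {
    dir="$1"
    # Default matches the requested audit.log.23092024; %Y%m%d sorts better.
    fmt="${STAMP_FMT:-%d%m%Y}"
    count=0
    for src in "$dir"/audit.log.*; do
        [ -f "$src" ] || continue
        suffix="${src##*/audit.log.}"
        # Only auditd's own numbered rotations (audit.log.1, audit.log.2, ...).
        # The active audit.log and existing *.gz archives are never touched.
        case "$suffix" in
            ''|*[!0-9]*) continue ;;
        esac
        # Stamp from the file's last write time (GNU date -r FILE).
        stamp=$(date -r "$src" +"$fmt") || return 1
        dst="$dir/audit.log.$stamp.gz"
        n=1
        # Several rotations can fall on one day; never overwrite an archive.
        while [ -e "$dst" ]; do
            dst="$dir/audit.log.$stamp-$n.gz"
            n=$((n + 1))
        done
        # gzip in place keeps the file's mode and mtime (and owner when run
        # as root); the rename happens only after compression succeeded.
        gzip -- "$src" || return 1
        mv -- "$src.gz" "$dst" || return 1
        count=$((count + 1))
    done
    # Number of rotated logs archived in this run.
    echo "$count"
}
```

Files renamed this way fall outside auditd's audit.log.N naming, so num_logs no longer prunes them and retention of the archives has to be handled separately.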