Date: Tue, 21 Sep 2021 22:37:58 +0000 From: JB <freebsdlists.admin@protonmail.com> To: "dan@langille.org" <dan@langille.org> Cc: freebsd-questions@freebsd.org Subject: Re: auditdistd - audit trail file retntion Message-ID: <63FzSG9SYK55EYli0V-lgAHWQu0WKoRYoAz1IFKsq8kpIoC3TXLG765IctTawyK_DAYGU4yRzG_MPYFm6bfCujEEMLjPtLumNDhAUcsQO0E=@protonmail.com>
next in thread | raw e-mail | index | archive | help
=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90 Original Me= ssage =E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90 > Date: Mon, 20 Sep 2021 11:07:34 -0400 > From: Dan Langille dan@langille.org > To: "freebsd-questions@freebsd.org" freebsd-questions@freebsd.org > Cc: Pawel Jakub Dawidek pjd@freebsd.org > Subject: auditdistd - audit trail file retntion > Hello, > I am using auditdistd on FreeBSD 11.4 and 12.2 - I write about audit > trail files retention. > Is there an option to dispose of older logs in /var/audit/dist ? > > So far, it seems like a custom cronjob is in order. Something like: > > ??? /usr/bin/find /var/audit/dist -type f -mtime +7 -exec rm {} \; > > FYI: I have read up about auditd, /etc/security/audit_control, and the > audit -e option. They do not apply to auditdistd. > > Thank you. > > Dan Langille - dan@langille.org > https://langille.org/ Why not just use newsyslog to manage them for you? See newsyslog.conf(5) fo= r details. Sent with ProtonMail Secure Email.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?63FzSG9SYK55EYli0V-lgAHWQu0WKoRYoAz1IFKsq8kpIoC3TXLG765IctTawyK_DAYGU4yRzG_MPYFm6bfCujEEMLjPtLumNDhAUcsQO0E=>