Date: Tue, 21 Sep 2021 22:37:58 +0000 From: JB <freebsdlists.admin@protonmail.com> To: "dan@langille.org" <dan@langille.org> Cc: freebsd-questions@freebsd.org Subject: Re: auditdistd - audit trail file retntion Message-ID: <63FzSG9SYK55EYli0V-lgAHWQu0WKoRYoAz1IFKsq8kpIoC3TXLG765IctTawyK_DAYGU4yRzG_MPYFm6bfCujEEMLjPtLumNDhAUcsQO0E=@protonmail.com>
next in thread | raw e-mail | index | archive | help
=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90 Original Me=
ssage =E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90
> Date: Mon, 20 Sep 2021 11:07:34 -0400
> From: Dan Langille dan@langille.org
> To: "freebsd-questions@freebsd.org" freebsd-questions@freebsd.org
> Cc: Pawel Jakub Dawidek pjd@freebsd.org
> Subject: auditdistd - audit trail file retntion
> Hello,
> I am using auditdistd on FreeBSD 11.4 and 12.2 - I write about audit
> trail files retention.
> Is there an option to dispose of older logs in /var/audit/dist ?
>
> So far, it seems like a custom cronjob is in order. Something like:
>
> ??? /usr/bin/find /var/audit/dist -type f -mtime +7 -exec rm {} \;
>
> FYI: I have read up about auditd, /etc/security/audit_control, and the
> audit -e option. They do not apply to auditdistd.
>
> Thank you.
>
> Dan Langille - dan@langille.org
> https://langille.org/
Why not just use newsyslog to manage them for you? See newsyslog.conf(5) fo=
r details.
Sent with ProtonMail Secure Email.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?63FzSG9SYK55EYli0V-lgAHWQu0WKoRYoAz1IFKsq8kpIoC3TXLG765IctTawyK_DAYGU4yRzG_MPYFm6bfCujEEMLjPtLumNDhAUcsQO0E=>