Support for rotated auditd log file with timestamp and compression

[SHWETHABHAT1]

NOTE: Please refer to the Reporting Bug and Requesting Features wiki page before creating any new GitHub issues.

Currently the audit.log files are rotated based on the max_log_file and num_logs. The current audit log file is named audit.log and the rotated logs are audit.log.1, audit.log.2, so on.

1. Is there any support available or is it possible to have audit.log with timestamp embedded to the log file name. I tried using the log_file parameter to somehow support this, but wasnt working.
   i.e., instead of audit.log.1 ==> audit.log.23092024

2. Is there any support available to compress the rotated audit.log ?

Any help would be appreciated.

@stevegrubb

[Cropi]

Hello,

NOTE: Please refer to the Reporting Bug and Requesting Features wiki page before creating any new GitHub issues.

Currently the audit.log files are rotated based on the max_log_file and num_logs. The current audit log file is named audit.log and the rotated logs are audit.log.1, audit.log.2, so on.

1. Is there any support available or is it possible to have audit.log with timestamp embedded to the log file name. I tried using the log_file parameter to somehow support this, but wasnt working.
   i.e., instead of audit.log.1 ==> audit.log.23092024

In the audit roadmap, there are no plans for this, see #297 . There are some workarounds though.

2. Is there any support available to compress the rotated audit.log ?

There is no support, see #299 .

Any help would be appreciated.

@stevegrubb

Hope it helps.