Action for auditd to take when log files reach their maximum size

An XCCDF Value

Description

The setting for max_log_file_action in /etc/audit/auditd.conf. The following options are available:
ignore - audit daemon does nothing.
syslog - audit daemon will issue a warning to syslog.
suspend - audit daemon will stop writing records to the disk.
rotate - audit daemon will rotate logs in the same convention used by logrotate.
keep_logs - similar to rotate, but prevents audit logs from being overwritten. May trigger space_left_action if the volume is full.
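An added example (not part of the SSG content) of checking this setting against the value a profile selects. The function names and the sample file are constructed for illustration, and the parsing rules (case-insensitive `keyword = value` lines, `#` comment lines, last assignment wins) are assumptions stated in the comments.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
VALID_ACTIONS="ignore syslog suspend rotate keep_logs"  # options listed above

# Print the configured value in lower case; print nothing if it is not set.
# Assumes "keyword = value" lines, '#' comment lines, case-insensitive
# matching, and that the last assignment in the file is the effective one.
get_max_log_file_action() {
    awk -F= '
        /^[ \t]*#/ { next }
        {
            key = tolower($1); gsub(/[ \t\r]/, "", key)
            if (key == "max_log_file_action") {
                val = tolower($2); gsub(/[ \t\r]/, "", val)
            }
        }
        END { if (val != "") print val }
    ' "$1"
}

# Exit status: 0 = matches expected, 1 = valid but different,
# 2 = unset, unreadable file, or not one of the documented options.
check_max_log_file_action() {
    actual=$(get_max_log_file_action "$1") || return 2
    [ -n "$actual" ] || { echo "unset in $1"; return 2; }
    case " $VALID_ACTIONS " in
        *" $actual "*) ;;
        *) echo "unknown option: $actual"; return 2 ;;
    esac
    [ "$actual" = "$2" ] && { echo "ok: $actual"; return 0; }
    echo "mismatch: found $actual, expected $2"
    return 1
}

# Constructed sample file (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
log_file = /var/log/audit/audit.log
max_log_file = 8
Max_Log_File_Action = ROTATE
space_left_action = SYSLOG
EOF
check_max_log_file_action "$sample" rotate || true
check_max_log_file_action "$sample" keep_logs || true
```

On a real host the first argument would be /etc/audit/auditd.conf and the second the value chosen for var_auditd_max_log_file_action.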

ID
xccdf_org.ssgproject.content_value_var_auditd_max_log_file_action
Updated