Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Guide to the Secure Configuration of Red Hat Enterprise Linux 9
System Settings
System Accounting with auditd
Configure auditd Data Retention
Action for auditd to take when log files reach their maximum size
Action for auditd to take when log files reach their maximum size
An XCCDF Value
Details
Profiles
Prose
Action for auditd to take when log files reach their maximum size
The setting for max_log_file_action in /etc/audit/auditd.conf. The following options are available:
ignore - audit daemon does nothing.
syslog - audit daemon will issue a warning to syslog.
suspend - audit daemon will stop writing records to the disk.
rotate - audit daemon will rotate logs in the same convention used by logrotate.
keep_logs - similar to rotate but prevents audit logs to be overwritten. May trigger space_left_action if volume is full.