Details
Configure the maximum size of the audit log file. Once the log reaches the maximum size, it will be rotated and a new log file will be started.
Notes:
The max_log_file parameter is measured in megabytes.
Other methods of log rotation may be appropriate based on site policy. One example is time-based rotation strategies which don’t have native support in auditd configurations. Manual audit of custom configurations should be evaluated for effectiveness and completeness.
Rationale:
It is important that an appropriate size is determined for log files so that they do not impact the system and audit data is not lost.
Solution
Set the following parameter in /etc/audit/auditd.conf in accordance with site policy:
max_log_file =
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.