[sudo-users] sudoreplay log logrotated
Todd C. Miller
Todd.Miller at courtesan.com
Thu Jul 23 17:09:33 MDT 2015
On Thu, 23 Jul 2015 13:56:46 -0000, "Fokan,Frederic,NNSA LAUSANNE,Operating Sys
tem" wrote:
> I would like to manage all logs generated using sudoreplay capabilities of
> sudo .
> As you know, all files created using sudo replay are written under
> /var/log/sudo-io/ ... but would like to manage them and logrotate them.
> Do you have any suggestions, recommendations on that specific subject ?
For sudo 1.8.7 and above you can set maxseq in sudoers to the largest
number of I/O logs you want to keep. E.g. given
Defaults maxseq 100
the sequence number would wrap after 100, effectively limiting you
to 100 I/O logs.
Another approach is to use find to remove I/O logs based on the
creation date.
- todd
More information about the sudo-users
mailing list