Does audit_control's "expire-after" by size works?

Lev Serebryakov lev at FreeBSD.org
Sat Jan 9 19:04:45 UTC 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


 I have this:

expire-after:356d AND 5G

 and now my /var/audit contains 1 year of files, but it takes 105
gigabytes (!).

 It is FreeBSD 10.2-STABLE r286784

- -- 
// Lev Serebryakov AKA Black Lion
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQJ8BAEBCgBmBQJWkVnmXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRGOTZEMUNBMEI1RjQzMThCNjc0QjMzMEFF
QUIwM0M1OEJGREM0NzhGAAoJEOqwPFi/3EePsaEQANOzTdAKKSRbMNt4bP/LFO4K
RlzpI1knJWFSvwxxOIaGLxVa7vh/r2aLvoVVswlftS62svh2T7yvRf4vJQYXzsTw
Ix2sDgIgMulxHsoKGHStqZz8M9XQjJQamOSX5YZCjcaccsunWUKSUQSNPUEW4sHA
ZAWNEUM3vDTYko+BA8/6/Iy4fNcz8aNhhLv/Vfz0auR1OCHKgZK74AeVtJo2q/Xp
r6y8EC6+YL6LNb0UBiJJWThYe0rPHNG0NADZl2PPNgP3n48D+gq254QL0vSYlgB6
6Snfa0NjhZ6xeIYfKufooTizG3t9Kk67r5JV9ssxqQltdlN05rqJAMDZhJYMfQRS
ayh5wHK4eCJXmqn+/bbQbqspf1lJPHNmsZD6gUkYAjqcyjSoDtFDe3rdIkgeJ2ZV
ERiwPe3UXBk1qLLpcfRJMKPr3stlwf+MSFd3U0Qg0IblJOvVJ68KrWX45SlPWlOO
qL7iNUjh0gMMhjcSY0Fs7tWDXvbcbl8SIynazi0s3+CIH4BYkunoiNf5AKkOUG86
UMcY2Wx09IxZZK+UcCCvhx+NaMrvYSCybhNZpPRyzRbrpgBbQpX+HrBvVAyJRlX0
J9yBQXKPGCFJHqu56g6MqFZbX9KiJ5Tzt6VvajJdgTMkHDpxWHeki9ZWlibebCwq
xt0N0/du+QBuYZpNUx/C
=1nfI
-----END PGP SIGNATURE-----


More information about the freebsd-security mailing list