Does audit_control's "expire-after" by size works?
Terje Elde
terje at elde.net
Sat Jan 9 21:04:35 UTC 2016
> On 09 Jan 2016, at 20:05, Lev Serebryakov <lev at FreeBSD.org> wrote:
>
> I have this:
>
> expire-after:356d AND 5G
>
> and now my /var/audit contains 1 year of files, but it takes 105
> gigabytes (!).
>
> It is FreeBSD 10.2-STABLE r286784
I don't recall how that limit is implemented, but it could be related to this:
https://www.freebsd.org/security/advisories/FreeBSD-EN-15:19.kqueue.asc
Terje
More information about the freebsd-security
mailing list