Subscribe

Increasing retention of messages file and auditlog

I read in the sysadmin guide that the messages and auditlog are rotated weekly and maintained for 6 weeks.  Is there any way to change it from 6 to something higher?

For messages we could configure syslog to send them to a loghost and keep longer retention there, but for auditlog I can’t think of a solution that doesn’t involve some scripting.

Any ideas?  Maybe something on the OnCommand server that collects and maintains files for a longer period?

Thanks,
Chris

Re: Increasing retention of messages file and auditlog

I think auditlog is rotated by size...

https://kb.netapp.com/support/index?page=content&id=1011104

Scripting may be the only solution for long term retention to avoid filling root up.

OnCommand gathering security logs sounds good, though I think it creates most of the entries in there as it monitors....

Re: Increasing retention of messages file and auditlog

My understanding is Data ONTAP keeps the last 6 auditlogs.  The auditlog is rotated weekly OR when the auditlog.max_file_size is reached.  So adjusting the auditlog.max_file_size won't help...

I guess I'll investigate fetching the log weekly over the API or CIFS, or maybe use PowerShell.  With PowerShell it looks like I could either get the formatted logs periodically using Get-NaSystemLog, or the raw log using Read-NaFile.