How to move /var/asl/data/audit to a bigger partition

Customer support forums for Atomic Protector (formerly Atomic Secured Linux). There is no such thing as a bad question here as long as it pertains to using Atomic Protector. Newbies feel free to get help getting started or asking questions that may be obvious. Regular users are asked to be gentle. :-)
User avatar
CRServers
Forum User
Forum User
Posts: 54
Joined: Wed Jul 04, 2012 7:44 am
Location: Costa Rica

How to move /var/asl/data/audit to a bigger partition

Unread post by CRServers »

Hello to all,

The data in /var/asl/data/audit has grown to over 11Gb taking a big chunk of our /var partition.

So I decided to modify the configuration and move that to my bigger /home partition.
I created the new folders and changed MODSEC_AUDITDIR to /home/var/asl/data/audit.
Then restarted Apache
But the audit log files did not change to the new path.

What else do I have to do or restart to activate the change?

Thanks for your help

Rodrigo
Rodrigo Fernández
Image
http://www.crservers.com
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: How to move /var/asl/data/audit to a bigger partition

Unread post by scott »

Did you update the policy with asl -s -f?
User avatar
CRServers
Forum User
Forum User
Posts: 54
Joined: Wed Jul 04, 2012 7:44 am
Location: Costa Rica

Re: How to move /var/asl/data/audit to a bigger partition

Unread post by CRServers »

Yes, I have done it several times.
From the terminal and from the GUI
But I'm stuck

It seems that some procedure is overwriting my configuration every time I run

Code: Select all

asl -s -f
I see this in the results report:
Audit Logging to: /var/asl/data/audit FIXED

SecTmpDir set to: /tmp FIXED
How can I stop ASL from overwriting my changes?

Thanks,
Rodrigo Fernández
Image
http://www.crservers.com
MehdiMoz
Forum User
Forum User
Posts: 7
Joined: Thu Dec 31, 2015 9:41 pm
Location: CA

Re: How to move /var/asl/data/audit to a bigger partition

Unread post by MehdiMoz »

CRServers wrote:Yes, I have done it several times.
From the terminal and from the GUI
But I'm stuck

It seems that some procedure is overwriting my configuration every time I run

Code: Select all

asl -s -f
I see this in the results report:
Audit Logging to: /var/asl/data/audit FIXED

SecTmpDir set to: /tmp FIXED
How can I stop ASL from overwriting my changes?

Thanks,

Try mounting a new hard drive to a new directory and symlinking /var/asl/data/audit to that new directory or mount new hard drive on /var/asl/data/audit and see if it could help
Post Reply