Atomicorp

Hello to all,

The data in /var/asl/data/audit has grown to over 11Gb taking a big chunk of our /var partition.

So I decided to modify the configuration and move that to my bigger /home partition.
I created the new folders and changed MODSEC_AUDITDIR to /home/var/asl/data/audit.
Then restarted Apache
But the audit log files did not change to the new path.

What else do I have to do or restart to activate the change?

Thanks for your help

Rodrigo

Did you update the policy with asl -s -f?

Yes, I have done it several times.
From the terminal and from the GUI
But I'm stuck

It seems that some procedure is overwriting my configuration every time I run I see this in the results report:

Audit Logging to: /var/asl/data/audit FIXED

SecTmpDir set to: /tmp FIXED

How can I stop ASL from overwriting my changes?

Thanks,

CRServers wrote:Yes, I have done it several times.
From the terminal and from the GUI
But I'm stuck

It seems that some procedure is overwriting my configuration every time I run

Code: Select all

asl -s -f

I see this in the results report:

Audit Logging to: /var/asl/data/audit FIXED

SecTmpDir set to: /tmp FIXED

How can I stop ASL from overwriting my changes?

Thanks,

Try mounting a new hard drive to a new directory and symlinking /var/asl/data/audit to that new directory or mount new hard drive on /var/asl/data/audit and see if it could help