auditdistd - audit trail file retntion

Dan Langille dan at
Mon Sep 20 17:16:00 UTC 2021


I am using auditdistd on FreeBSD 11.4 and 12.2 - I write about audit 
trail files retention.

Is there an option to dispose of older logs in /var/audit/dist ?

So far, it seems like a custom cronjob is in order. Something like:

     /usr/bin/find /var/audit/dist -type f -mtime +7 -exec rm {} \;

FYI: I have read up about auditd, /etc/security/audit_control, and the 
audit -e option. They do not apply to auditdistd.

Thank you.

Dan Langille - dan at

More information about the freebsd-questions mailing list