Julien
My main usage is ansible (or any provisioners/CI/CD) but valid for manual admin work too unless blindly deploying. ``` - name: Copy a new sudoers file into place, after passing...
You can do with rsyslog, for example with https://github.com/juju4/ansible-sysmon/blob/master/templates/rsyslog-sysmon.conf.j2 at least until a native option to directly log to file.
IMHO better to use external logrotate for rotation with just ensuring a HUP signal forces reopening log file. But that does not prevent to have option to log a file...
Agreed on rotation frequency. You can likely change it from cron.daily to cron.hourly but may have side impacts. Or just add extra call like https://jira.atlassian.com/browse/HCPUB-546 (care if dateext is enabled...
At this point, there is no solution implementation so it is still opened but unlikely, logs are written per event, most often line by line which means log file can't...
Having a full event set seems to be a partial issue ``` # tail -100 /var/log/audit/audit.log | laurel ; echo $?; cat audit.log 0 {"warning":"Not dropping privileges -- no user...
Sorry for delay
```
# /usr/local/bin/laurel -d
# /usr/local/bin/laurel -d -c /etc/laurel/config.toml
#
```
I tried with an expected valid config file and after adding some useless line with...
Sorry, I believed I had updated. Yes, it fixed the issue. But one thing that I was thinking: are there other types required/useful? CWD seems to be not required...
If comparing this way, got below which has still some big difference in count ``` # jq -r 'keys' /var/log/laurel/audit.log | egrep -v '(\]|\[)' | sort | uniq -c |...