{"description": "The setting for max_log_file_action in /etc/audit/auditd.conf. The following options are available:\n<br />ignore - audit daemon does nothing.\n<br />syslog - audit daemon will issue a warning to syslog.\n<br />suspend - audit daemon will stop writing records to the disk.\n<br />rotate - audit daemon will rotate logs in the same convention used by logrotate.\n<br />keep_logs - similar to rotate but prevents audit logs to be overwritten. May trigger space_left_action if volume is full.", "type": "string", "operator": "equals", "interactive": false, "options": {"default": "rotate", "keep_logs": "keep_logs", "rotate": "rotate", "suspend": "suspend", "syslog": "syslog", "ignore": "ignore"}, "warnings": [], "title": "Action for auditd to take when log files reach their maximum size", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/auditing/configure_auditd_data_retention/var_auditd_max_log_file_action.var"}