Details
-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
None
-
None
-
1
Description
Background
The the audit logs rotation is setup as followed:
audit:
|
enabled: true
|
disabledEvents:
|
- 20492
|
- 32772
|
- 28697
|
rotation:
|
interval: "20m"
|
size: "50Mi"
|
garbageCollection:
|
sidecar:
|
enabled: true
|
age: "+30m"
|
The busybox image runs a "while" command with find and delete however find requires a "+" to signal files OLDER than the time specified.
This + is missing from the command and it isn't carried over from the yaml configs. Resulting busybox command with "+" missing in "-mmin" option. This makes it only delete files that are exactly X minutes old and not older than X minutes.
Command:
|
/bin/sh
|
Args:
|
-c
|
while true; do sleep ${AUDIT_CLEANUP_INTERVAL} ; echo "Cleaning audit logs every ${AUDIT_CLEANUP_INTERVAL}s, files older than ${AUDIT_CLEANUP_AGE}"; find ${AUDIT_LOG_DIR} -mmin ${AUDIT_CLEANUP_AGE} -type f -name "*-audit.log" -delete -print; done
|