Ensure audit logs are not automatically deleted

Information

In high security contexts, the benefits of maintaining a long audit history exceed the cost of storing the audit history.

Solution

Set the following parameter in /etc/audit/auditd.conf: max_log_file_action = keep_logs

See Also

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623.html