Captain

NSS event audits

Hi

A client has a SIEM solution and they need to send NSS events to the SIEM solution. The SIEM solution can read log files.

So I enabled vigil

/etc/init.d/novell-vigil start

started vlog

/opt/novell/vigil/bin/vlog -d --size 10000  -o /media/nss/DATA/log/event-file.log   -p "+DATA:/** (OPEN DELETE CREATE MODIFY)"

Now the problem:

The NSS event log is not rotated, so this is misleading the SIEM solution: when it reads the logs (every 24 hours), the same logs keep showing up over and over. I tried reading the vlog documentation and I can't find any solution that can assist us in rotating the logs, preferably every 24 hours.

The --size option doesn't seem to be working because the log file exceeds the specified size. Is there any other option that we can use to rotate logs?

Micro Focus Contributor

Hi,

Thanks for posting this here.

For event log rotation we need to use the "-R" or "--fileRollSize" option.

-R, --fileRollSize {size}
Limit the vlog audit log file to {size} bytes (before rolling). Specify the maximum log file size in bytes. If the specified value is not a multiple of 4096 bytes (4 KB), it is automatically rounded up to the nearest 4-KB block. The minimum log file size is 256 kilobytes (256 KB). The maximum log file size is 100 megabytes (100 MB).

The --size option restricts the size of the binary file.

Hope this helps,

Thanks,

Manoj
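The following is an added example, not part of the reply above and not Micro Focus code: a shell helper that checks a requested -R value against the limits quoted in the reply and prints the size vlog would roll at after the 4-KB rounding, then rebuilds the original command with -R added. Assumptions: KB and MB are binary units, out-of-range values are rejected by the helper (the page does not say what vlog does with them), the function names are hypothetical, and -R can sit alongside the other options as shown.

```shell
#!/bin/sh
# Limits quoted in the reply; binary units (1 KB = 1024 bytes) are an assumption.
BLOCK=4096
MIN_ROLL=$((256 * 1024))          # 256 KB minimum
MAX_ROLL=$((100 * 1024 * 1024))   # 100 MB maximum

# Print the effective roll size for a requested -R value in bytes.
# Rejecting out-of-range requests is this helper's choice, not documented vlog behaviour.
effective_roll_size() {
    req=$1
    case $req in
        ''|*[!0-9]*) echo "not a byte count: $req" >&2; return 2 ;;
    esac
    if [ "$req" -lt "$MIN_ROLL" ]; then
        echo "$req is below the 256 KB minimum" >&2; return 1
    fi
    if [ "$req" -gt "$MAX_ROLL" ]; then
        echo "$req is above the 100 MB maximum" >&2; return 1
    fi
    # Round up to the next multiple of 4096 bytes, as the option text describes.
    echo $(( (req + BLOCK - 1) / BLOCK * BLOCK ))
}

# Print the command from the question with -R added.
# $1 = requested roll size, $2 = output log path, $3 = -p filter string.
vlog_command() {
    size=$(effective_roll_size "$1") || return 1
    printf '%s\n' "/opt/novell/vigil/bin/vlog -d --size 10000 -R $size -o $2 -p \"$3\""
}

# Constructed sample call using the path and filter from the question.
vlog_command 300000 /media/nss/DATA/log/event-file.log '+DATA:/** (OPEN DELETE CREATE MODIFY)'
```

The helper only prints the command line; it does not start vlog.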
