component:
  - audit
framework: beakerlib
require:
  - library(audit/testing)
adjust:
  - enabled: false
    when: distro == rhel-4, rhel-5, rhel-6
    continue: false
  - enabled: false
    when: arch == ppc64, ppc64le
    continue: false
contact:
  - Ondrej Moris
description: |+
    Test that max_log_file, max_log_file_action and num_logs options of
    auditd work as expected.

    The log_format describes how the information should be stored on disk.
    There are 2 options and 1 deprecated:
    * NOLOG - deprecated, if you are setting this format, now you should set
      the write_logs option to no;
    * RAW - the audit records will be stored in a format exactly as the
      kernel sends it (default);
    * ENRICHED - will resolve all uid, gid, syscall, architecture, and socket
      address information before writing the event to disk. This aids in
      making sense of events created on one system but reported/analyzed on
      another system.

duration: 60m
enabled: true
extra-nitrate: TC#0598628
extra-summary: /CoreOS/audit/Sanity/options-max-log-file
extra-task: /CoreOS/audit/Sanity/options-max-log-file
link:
  - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1672287
recommend:
  - audit
summary: Sanity of max_log_file* options of auditd
tag:
  - NoRHEL4
  - NoRHEL5
  - NoRHEL6
  - TIPfail_Security
  - Tier2
  - fedora-wanted
test: ./runtest.sh
tier: '2'
name: /Sanity/options-max-log-file
order: 50
id:
path: /Sanity/options-max-log-file
manual: false
tty: false
environment: {}
result: respect
where:
check: []
restart-on-exit-code: []
restart-max-count: 1
restart-with-reboot: false
sources:
  - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/main.fmf
  - /var/tmp/tmt/run-017/Plans/general/discover/Downstream_audit_tests/tests/Sanity/options-max-log-file/main.fmf
context: {}