Is it possible to have the pm.eventlog broken down into smaller pieces?
By default Privilege Manager will write event logs to a single file.
It is possible to change where the logs are written to by changing the value of the eventlog variable in the policy.
You can also implement a scheme where events are seperated into different files depending on the date of the event. For example;
eventlog = sprintf("/var/log/pm.eventlog_%d%02d",year,month);
This will seperate eventlog entries into a new file every month. This makes it easier to archive logs.
To look at the events you will need to use pmlog with the -f flag to specify which file you would like to look at. For example;
pmlog -f /var/log/pm.eventlog_`date +%Y%m`, to look at the current eventlog