# Privacy-enhanced kernel log rotation
# Reduces retention time for kernel logs that may contain VPN traces
# Generated by Algo VPN privacy role

/var/log/kern.log
{
    # Aggressive rotation for kernel logs
    rotate {{ privacy_log_rotation.rotate_count }}
    maxage {{ privacy_log_rotation.max_age }}
    size {{ privacy_log_rotation.max_size }}M
    
    daily
    missingok
    notifempty
    compress
    delaycompress
    
    create 0640 syslog adm
    copytruncate
    
    # Pre-rotation script to filter VPN-related entries
    prerotate
        # Create filtered version excluding VPN traces
        if [ -f /var/log/kern.log ]; then
            grep -v -E "(wireguard|ipsec|strongswan|xl2tpd)" /var/log/kern.log > /tmp/kern.log.filtered || true
            if [ -s /tmp/kern.log.filtered ]; then
                mv /tmp/kern.log.filtered /var/log/kern.log
            fi
        fi
    endscript
    
    postrotate
        if [ -f /var/run/rsyslogd.pid ]; then
            kill -HUP `cat /var/run/rsyslogd.pid`
        fi
    endscript
}