We currently provide bin/create-openidm-logrotate.sh to create a logrotate config for rotating audit logs. The issue with this is that the CSVAuditLogger does not know when a new log file has been created and continues writing to the old (now invalid) inode.
A possibly solution to this type of issue with logrotate is to use copytruncate. The issue with this is that between the file being copied and the old file being truncated there is a small window in which a new audit entry could be inserted that we have missed.
We need to either handle this rotation internally (similar to log4j) or implement some event that could be triggered in a postrotate that would cause idm to switch to the new audit file.