diff --git a/tasks/main.yml b/tasks/main.yml
index 3a976f6..b67c066 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -219,6 +219,20 @@
 when: ldap_entries is defined
 ignore_errors: true
 
+- name: touch /var/log/ldapaudit.log
+ ansible.builtin.file:
+ path: /var/log/ldapaudit.log
+ owner: "{{ ldap_user }}"
+ group: "{{ ldap_user }}"
+ state: touch
+ tags: auditlog
+
+- name: rotate /var/log/ldapaudit.log
+ tags: auditlog
+ ansible.builtin.template:
+ src: logrotate_auditlog
+ dest: /etc/logrotate.d/
+
 - name: setup backup
 ansible.builtin.import_tasks: backup.yml
 tags: backup_ldap
diff --git a/template logrotate_auditlog b/template logrotate_auditlog
new file mode 100644
index 0000000..ce4c79d
--- /dev/null
+++ b/template logrotate_auditlog
@@ -0,0 +1,7 @@
+/var/log/ldapaudit.log {
+ daily
+ create 640 {{ ldap_user }} {{ ldap_user }}
+ rotate 30
+ missingok
+ notifempty
+}
diff --git a/templates/logrotate_auditlog b/templates/logrotate_auditlog
new file mode 100644
index 0000000..ce4c79d
--- /dev/null
+++ b/templates/logrotate_auditlog
@@ -0,0 +1,7 @@
+/var/log/ldapaudit.log {
+ daily
+ create 640 {{ ldap_user }} {{ ldap_user }}
+ rotate 30
+ missingok
+ notifempty
+}
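Review bot: The `touch` task in tasks/main.yml sets owner and group but no `mode`, so the audit log is created with whatever the default umask gives (typically world-readable) until logrotate first recreates it as 640. If this file receives slapd audit output it can contain changed attribute values, so add `mode: "0640"` to the `ansible.builtin.file` arguments. `state: touch` also updates the timestamps and reports changed on every run; `modification_time: preserve` and `access_time: preserve` keep the task idempotent. The template task likewise leaves the logrotate file's ownership and permissions to defaults; `owner: root`, `group: root` and `mode: "0644"` would pin them.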
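Review bot: This file is added at the path `template logrotate_auditlog` (with a space in the name, at the repository root) and has the same blob id `ce4c79d` as `templates/logrotate_auditlog` in the next section, so it looks like an accidental copy. The task's `src: logrotate_auditlog` would normally resolve from the role's `templates/` directory, so this copy appears unused and should be dropped from the commit.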
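Review bot: The template in templates/logrotate_auditlog has no marker that it is generated, so an edit made to the installed file under /etc/logrotate.d/ on the host is silently overwritten at the next run; a first line `# {{ ansible_managed }}` would say so. Thirty daily copies are kept uncompressed; `compress` with `delaycompress` is worth considering if the audit log grows quickly.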