diff --git a/aide.conf b/aide.conf
index da9d00d..8524225 100644
--- a/aide.conf
+++ b/aide.conf
@@ -128,11 +128,11 @@ DIR = ftype+p+i+l+n+u+g+acl+selinux+xattrs
 # Access control only - added file type and link name
 PERMS = ftype+p+i+l+u+g+acl+selinux
 
-# Logfiles are special, in that they often change
-# Don't track inodes (-i) since log rotation creates new files with different inodes
-# Don't track size (-s) since log rotation causes size decreases that we don't care about
+# Logfiles are special, in that they often change due to log rotation
+# Track only: permissions, file type, user, group, number of links, SELinux context, extended attributes
 # Allow new files (ANF) and allow removed files (ARF) due to log rotation techniques
-LOG = >+ANF+ARF-i-s
+# Don't track: size, inodes, timestamps, checksums and some special attributes (these change frequently with log rotation)
+LOG = p+ftype+u+g+n+ANF+ARF+selinux+xattrs
 
 # Some files get updated automatically, so the inode/ctime/mtime change
 # but we want to know when the data inside them changes - updated with modern hash
@@ -247,7 +247,7 @@ DATAONLY = ftype+p+l+n+u+g+s+acl+selinux+xattrs+sha256
 # Log directory
 /var/log LOG
 # Journal files - exclude xattrs due to systemd journal's user.crtime_usec extended attribute changes
-/var/log/journal LOG-xattrs-acl
+/var/log/journal LOG-xattrs
 /var/run/utmp LOG
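Review bot: The rewritten `LOG` rule no longer carries the growing-size check (`S`) or `acl` that the predefined `>` group brought in, so a log under `/var/log` that shrinks — truncated or cleared — would now pass silently, where the old rule still caught it (if I read AIDE's groups right, `-s` removed only plain size `s`, not `S`). Since the rest of this file tracks ACLs on `DIR`, `PERMS` and `DATAONLY`, dropping them only for logs also looks unintentional, and the new "Don't track" comment does not mention ACLs at all. Unless the rotation scheme truncates files in place (copytruncate-style), consider `LOG = p+ftype+u+g+n+S+acl+ANF+ARF+selinux+xattrs` and extend the comment to `# Track only: permissions, file type, user, group, link count, growing size (S), ACLs, SELinux context, extended attributes`. If `acl` is restored here, the `-acl` removal on the `/var/log/journal` line in the second hunk presumably needs to come back, as journald manages ACLs on per-user journal files. The surrounding `# Some files get updated automatically` comment block continues past this hunk.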