diff --git a/aide.conf b/aide.conf
index e698ac6..da4cbb5 100644
--- a/aide.conf
+++ b/aide.conf
@@ -128,8 +128,10 @@ DIR = ftype+p+i+l+n+u+g+acl+selinux+xattrs
 # Access control only - added file type and link name
 PERMS = ftype+p+i+l+u+g+acl+selinux
-# Logfile are special, in that they often change
-LOG = >
+# Logfiles are special, in that they often change
+# Don't track inodes (-i) since log rotation creates new files with different inodes
+# Allow new files (ANF) and allow removed files (ARF) due to log rotation techniques
+LOG = >+ANF+ARF-i
 # Some files get updated automatically, so the inode/ctime/mtime change
 # but we want to know when the data inside them changes - updated with modern hash
@@ -234,13 +236,18 @@ DATAONLY = ftype+p+l+n+u+g+s+acl+selinux+xattrs+sha256
 /etc/libaudit.conf$ NORMAL
 /etc/aide.conf$ NORMAL
-# System logs
+# System logs with proper logrotate handling
 /etc/rsyslog.conf$ NORMAL
 /etc/rsyslog.d NORMAL
 /etc/logrotate.conf$ NORMAL
 /etc/logrotate.d NORMAL
 /etc/systemd/journald.conf$ NORMAL
-/var/log LOG+ANF+ARF
+
+# Log directory
+/var/log LOG
+# Journal files - exclude xattrs due to systemd journal's user.crtime_usec extended attribute changes
+/var/log/journal LOG-xattrs
+
 /var/run/utmp LOG
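Review bot: Folding `+ANF+ARF` into the group definition at `LOG = >+ANF+ARF-i` changes the meaning of every selection line that uses LOG, not only `/var/log`; the second hunk's unchanged `/var/run/utmp LOG` now inherits ARF as well, so a removed utmp would no longer be reported, whereas before this commit only the `/var/log` line carried those attributes. Allowing removed files under /var/log also means that deleted or wiped log files are not flagged by AIDE; that was already true of the old `/var/log LOG+ANF+ARF` line, but the group definition now makes it the default for any future LOG user. I would keep the group narrow, `LOG = >-i`, and attach the rotation allowances only where rotation actually happens, e.g. `/var/log LOG+ANF+ARF`, or define a separate `LOGDIR = LOG+ANF+ARF` group and reference it from the /var/log lines. The `-i` drop is reasonable for rotated logs, but the comment should say it also applies to utmp and any other LOG entry. ANF/ARF are not understood by older AIDE releases, so a minimum-version note next to the group definition would save the next maintainer a config-parse failure.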
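Review bot: Whether `/var/log/journal LOG-xattrs` actually takes precedence over the broader `/var/log LOG` line depends on how the installed AIDE release resolves overlapping prefix rules, which has changed between versions; validate it with `aide --config-check` and a dry run on a host where journald has written files rather than relying on line order. The `-xattrs` exclusion drops every extended-attribute check for the journal tree, not only `user.crtime_usec`, so the comment should state that trade-off, e.g. `# NOTE: this disables all xattr checks for the journal tree, not only user.crtime_usec`. The `>` growing-log group records size but no checksum, so in-place edits to journal or log contents that do not shrink the file will not be detected; worth noting in the "Log directory" comment so nobody assumes content integrity is covered.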