audit messages to syslog
Jan-Frode Myklebust
janfrode at tanso.net
Wed Oct 12 07:46:17 UTC 2011
On Tue, Oct 11, 2011 at 01:56:04PM -0600, Kevin Fenzi wrote:
>
> I'd like to try stopping auditd and having selinux audit messages go to
> rsyslog (and thus be captured over on log02). This way we can have
> epylog process those logs, they can be remote so we can have a remote
> copy of them.
>
<snip>
>
> Thoughts? downsides? Alternate plans?
Auditd supports both logging to syslog (ref: /etc/audisp/plugins.d/syslog.conf)
and to remote audit servers through audispd-plugins
(/etc/audisp/plugins.d/au-remote.conf).
Would it not be better to use one of those?
-jf
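
The two options named in the reply, as an added configuration sketch that is not part of the original message. It assumes the audit 2.x layout under /etc/audisp/; the LOG_LOCAL6 facility and the host name log02.example.org are placeholders chosen for the example.

```ini
# /etc/audisp/plugins.d/syslog.conf
# Built-in audispd plugin: hands every audit event to syslog.
# Ships with active = no. auditd itself keeps running, so the
# local audit.log is still written.
active = yes
direction = out
path = builtin_syslog
type = builtin
# First argument: syslog priority. Second (optional): facility,
# LOG_LOCAL0 through LOG_LOCAL7. LOG_LOCAL6 is an assumption here,
# picked so rsyslog can select and forward these messages by facility.
args = LOG_INFO LOG_LOCAL6
format = string

# /etc/audisp/plugins.d/au-remote.conf (from the audispd-plugins package)
# Alternative: send events directly to a remote auditd, bypassing syslog.
active = yes
direction = out
path = /sbin/audisp-remote
type = always
format = string

# /etc/audisp/audisp-remote.conf
# Placeholder host name; 60 is the default port in the shipped file.
remote_server = log02.example.org
port = 60
```

With the remote plugin, the receiving auditd must have tcp_listen_port set to the same port in its auditd.conf.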