audit messages to syslog
Jan-Frode Myklebust
janfrode at tanso.net
Sat Oct 15 23:18:36 UTC 2011
On Sat, Oct 15, 2011 at 7:13 PM, Kevin Fenzi <kevin at scrye.com> wrote:
> We would need to set up a new server/port/firewall rule however?
> I didn't find any good/easy/simple doc on setting up a central audit
> server. Do you know of any? Otherwise I can set one up here at home and
> play around with it.
I don't remember seeing much documentation for it, but AFAIK it's just
a matter of defining a tcp_listen_port in /etc/audit/auditd.conf to
have it listen and collect.
tcp_listen_port
    This is a numeric value in the range 1..65535 which, if specified,
    causes auditd to listen on the corresponding TCP port for
    audit records from remote systems. The audit daemon may be
    linked with tcp_wrappers. You may want to control access with
    an entry in the hosts.allow and deny files.
-jf
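
The setup described in this message, sketched as configuration. This is an added example and not part of the original post. The client-side audisp-remote files and their paths, the tcp_max_per_addr option, port 60, the 192.0.2. prefix and the hostname log.example.org are assumptions or sample values that do not appear in the thread.

```conf
# --- collector: /etc/audit/auditd.conf (add to the existing file) ---
# Port 60 is a sample value; any free port in 1..65535 works.
tcp_listen_port = 60
# Cap concurrent connections accepted from a single client address.
tcp_max_per_addr = 1

# --- collector: /etc/hosts.deny ---
# Refuse every host that hosts.allow does not match.
auditd: ALL

# --- collector: /etc/hosts.allow ---
# 192.0.2. is a documentation prefix standing in for the client network.
auditd: 192.0.2.

# --- each client: /etc/audisp/audisp-remote.conf (assumed path) ---
# log.example.org is a placeholder for the collector's hostname.
remote_server = log.example.org
port = 60

# --- each client: /etc/audisp/plugins.d/au-remote.conf (assumed path) ---
# Enable the plugin that forwards local audit records to remote_server.
active = yes
```

Restart auditd on the collector and on each client after editing. The hosts.allow and hosts.deny entries only apply when the auditd build is linked with tcp_wrappers, so a firewall rule limiting the port to the client network is still needed.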