AUDISP-REMOTE:(8) System Administration Utilities AUDISP-REMOTE:(8)NAMEaudisp-remote - plugin for remote logging
SYNOPSISaudisp-remoteDESCRIPTIONaudisp-remote is a plugin for the audit event dispatcher daemon, aud‐
ispd, that preforms remote logging to an aggregate logging server.
TIPS
If you are aggregating multiple machines, you should enable node infor‐
mation in the audit event stream. You can do this in one of two places.
If you want computer node names written to disk as well as sent in the
realtime event stream, edit the name_format option in
/etc/audit/auditd.conf. If you only want the node names in the realtime
event stream, then edit the name_format option in /etc/audisp/aud‐
ispd.conf. Do not enable both as it will put 2 node fields in the event
stream.
FILES
/etc/audisp/plugins.d/au-remote.conf, /etc/audit/auditd.conf, /etc/aud‐
isp/audispd.conf, /etc/audisp/audisp-remote.conf
SEE ALSOaudispd(8), auditd.conf(8), audispd.conf(8), audisp-remote.conf(5).
AUTHOR
Steve Grubb
Red Hat Mar 2008 AUDISP-REMOTE:(8)