FW: Streaming output mode in audit.conf
Bailey, Edward
ebailey at transunion.com
Fri Jan 12 14:07:43 UTC 2007
After a little thinking, I believe something like this might work:
output {
mode = stream;
command = "|/usr/bin/nc -u "hostname" 514";
};
But when I start the audit daemon I get the following error and the
audit system shuts down:
Jan 12 08:59:11 xxxxxxxxx auditd[1328]: output error; suspending execution
Jan 12 08:59:11 xxxxxxxxx audit: auditd -TERM succeeded
Jan 12 08:59:15 xxxxxxxxx audit: auditd startup succeeded
Is there a way to start up the daemon in a verbose mode to get more
information, or can someone tell me what is causing the error?
Thanks
Ed
> -----Original Message-----
> From: Bailey, Edward
> Sent: Thursday, January 11, 2007 4:40 PM
> To: 'linux-audit at redhat.com'
> Subject: Streaming output mode in audit.conf
>
> I am sure I am missing something obvious but I need help
> figuring out how to use the streaming output mode listed in
> audit.conf to stream audit info to syslog.
>
> The config file has:
>
> output {
> mode = stream;
> command = "/usr/local/sbin/send_to_syslog";
> };
>
> Using /usr/bin/logger does not work - I saw a reference to
> using popen() but nothing else. Any ideas?
>
> Thanks
>
> I really appreciate any help.
>
> Thanks
>
> Ed