Help with auditd.conf
Kevin Boyce
kevin.boyce at ngc.com
Tue Apr 29 19:51:01 UTC 2008
I think Ed is correct. You should have a couple of lines in snare.conf
with the following.
file=<path to logfile>
network=<remote hostname or ip>:<port>
you can comment out either one or leave both. you may even be able to
specify more than one of each, but I haven't tried that.
kevin
On Tue, 2008-04-29 at 11:43 -0700, Greg Herrmann wrote:
> Which version of Snare are you running? If it's on an RHEL 5 server,
> I would assume version 1.3. If so, shouldn't you be
> modifying /etc/snare.conf in order to do this?
>
> Ed Christiansen <edwardc at ll.mit.edu> wrote:
>
> Do you REALLY want to do this? your filesystem
> will just have more space taken up with duplicate
> information.
>
> Scott Ehrlich wrote:
> > Hello to all:
> >
> > I have Snare Agent and audit 1.5.2 running on a CentOS 5.0
> box and a RHEL
> > 5.0 server. I ideally would like audit logs to be sent to
> both the
> > system's local audit.log file and to a log server. I
> reviewed the
> > /etc/audit/auditd.conf file and tried to play with things
> and move things
> > around, but an active watch of my log
> server's /var/log/syslog and local
> > machine's audit.log does NOT show simultaneous activity,
> leading me to
> > think it is either one way or the other, and that
> simultaneous local and
> > remote logging is not possible.
> >
> > Is there a way to get both?
> >
> > Thanks.
> >
> > Scott
> >
> > --
> > Linux-audit mailing list
> > Linux-audit at redhat.com
> > https://www.redhat.com/mailman/listinfo/linux-audit
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
>
>
>
>
>
> ______________________________________________________________________
> Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try
> it now.
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20080429/591c43cd/attachment.htm>
More information about the Linux-audit
mailing list