audisp resend question
Steve Grubb
sgrubb at redhat.com
Thu Dec 4 17:42:22 UTC 2008
On Thursday 04 December 2008 12:21:29 LC Bruzenak wrote:
> Say the problem on the collector is fixed and it comes back up.
> Then we bring up the client sender machine(s).
> I haven't tested this but I do not think the missed events will get sent
> right?
Correct.
> How can I try to resend the events to the collector?
All audisp plugins take their data from stdin. You can pipe the raw output of
ausearch into audisp-remote and it should do the right thing.
-Steve
More information about the Linux-audit
mailing list