audisp resend question
LC Bruzenak
lenny at magitekltd.com
Thu Dec 4 17:52:54 UTC 2008
On Thu, 2008-12-04 at 12:42 -0500, Steve Grubb wrote:
> On Thursday 04 December 2008 12:21:29 LC Bruzenak wrote:
...
>
> > How can I try to resend the events to the collector?
>
> All audisp plugins take their data from stdin. You can pipe the raw output of
> ausearch into audisp-remote and it should do the right thing.
OK, works for me...the last sent message on the collector is
identifiable, but do timestamps (with full precision) work as input to
the "-ts" switch?
I don't know how to remove duplicates (probably not be an issue anyway).
Thx,
LCB.
--
LC (Lenny) Bruzenak
lenny at magitekltd.com
More information about the Linux-audit
mailing list