audit 1.7.4 released
Klaus Heinrich Kiwi
klausk at linux.vnet.ibm.com
Tue May 27 16:57:28 UTC 2008
On Tue, 2008-05-27 at 11:16 -0500, LC Bruzenak wrote:
> On Tue, 2008-05-27 at 12:10 -0400, Steve Grubb wrote:
> ...
> > > Once we aggregate these would be tough to separate.
> >
> > That is why we added the node field. :) You should probably enable it with
> > the name_format option.
>
> I think I do have it:
>
> [root at hugo audit]# grep name_format /etc/audit/auditd.conf
> name_format = hostname
Isn't the audit dispatcher's role of adding the node name in the record?
If so, only records going through the audispd would have this field.
-K
--
Klaus Heinrich Kiwi
Security Development - IBM Linux Technology Center
More information about the Linux-audit
mailing list