audit 1.7.4 released
Steve Grubb
sgrubb at redhat.com
Tue May 27 17:15:36 UTC 2008
On Tuesday 27 May 2008 12:57:28 Klaus Heinrich Kiwi wrote:
> On Tue, 2008-05-27 at 11:16 -0500, LC Bruzenak wrote:
> > On Tue, 2008-05-27 at 12:10 -0400, Steve Grubb wrote:
> > ...
> >
> > > > Once we aggregate these would be tough to separate.
> > >
> > > That is why we added the node field. :) You should probably enable it
> > > with the name_format option.
> >
> > I think I do have it:
> >
> > [root at hugo audit]# grep name_format /etc/audit/auditd.conf
> > name_format = hostname
>
> Isn't the audit dispatcher's role of adding the node name in the record?
> If so, only records going through the audispd would have this field.
People may want the node name on disk as well as associated with events in the
real time stream. So, there are separate enablers.
-Steve
More information about the Linux-audit
mailing list