auditd.conf/audispd.conf question...
Steve Grubb
sgrubb at redhat.com
Thu Oct 7 14:09:11 UTC 2010
On Thursday, October 07, 2010 09:54:10 am Steve Grubb wrote:
> > I want to log both locally and to a central server. So which file should
> > this be specified in /etc/audit/auditd.conf or /etc/audisp/audispd.conf
> > or both?
>
> Both. They are independent of each other.
Let me clarify. If you want the node name in both places, then you need to put
it in both places. At a minimum, you would want it in audispd.conf so that the
central logger knows where things come from. But you can leave it off the
auditd.conf to save disk space unless you need it to match.
-Steve
More information about the Linux-audit
mailing list