Interpreting fields in audisp-remote
LC Bruzenak
lenny at magitekltd.com
Wed Mar 30 02:49:43 UTC 2011
On Tue, 2011-03-29 at 21:07 -0400, Dmitry Krivitsky wrote:
> Hi,
>
> I am trying to configure audisp-remote on several servers to send
> audit logs
> to a central server.
> Is there any way to configure
> audisp-remote to resolve numerical user ids,
> system call numbers, etc.,
> before sending them to the central server?
> The central server may have a
> different list of users, different version of
> Linux, etc., so resolving them
> later on the central server may not work.
>
> Thanks,
> Dmitry Krivitsky
>
Funny; I looked back and I asked about this just over 2 years ago.
:)
With the new store and forward patch set from Mirek I would think this
would be almost required. Without having been through the patches yet
though I don't know if it was included.
LCB
--
LC (Lenny) Bruzenak
lenny at magitekltd.com
More information about the Linux-audit
mailing list