capturing audit data with ausearch -i

Aaron Lewis the.warl0ck.1989 at gmail.com
Wed Dec 11 02:23:37 UTC 2013


ausearch reads through the file every time; it might not be
time-efficient, is it?

Anyway, I use a modified audit package that writes to syslog directly,
instead of to audit.log.

On Wed, Dec 11, 2013 at 6:17 AM, Levy, Mark (ESS) <Mark.Levy at ngc.com> wrote:
> Hi,
>
> We're trying to find a way to capture the Linux audit data and then pass it
> through ausearch -i and then send the data to our SIEM product for
> ingestion.
> Does audispd allow ausearch -i to be used as an arg?
> What would be the best way to attempt this?
> We would be collecting from hundreds of Linux servers.
>
> Thanks for your input.
>
>
> Mark
>
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit



-- 
Best Regards,
Aaron Lewis - PGP: 0xDFE6C29E ( http://keyserver.veridis.com )
Finger Print: 9482 448F C7C3 896C 1DFE 7DD3 2492 A7D0 DFE6 C29E
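An added example for this thread (not part of the audit package or of either poster's setup): instead of re-running ausearch over audit.log for every event, an audispd plugin receives each raw record once on stdin (plugins.d config with `format = string`) and can do the interpretation that `ausearch -i` does, namely turning `audit(seconds.millis:serial)` into a timestamp, decoding the hex-encoded strings the kernel emits for fields with unusual bytes (proctitle, name, and so on), and resolving uids to the host's user names, before emitting one JSON line per event for the SIEM shipper. Resolving names on the host matters because the SIEM has no idea which uid is which on each of hundreds of servers. The sample records, the uid map in the test, and the plugin invocation are constructed; syscall numbers and arch are left numeric (ausearch -i also maps those, which this example does not).

```python
#!/usr/bin/env python3
"""Stream raw Linux audit records from stdin, interpret them roughly the
way `ausearch -i` does, and emit one JSON object per audit event.

Added example for the linux-audit thread; not part of the audit package.
Assumes it runs as an audispd plugin with `format = string`, so each raw
record arrives on stdin and the log is read exactly once."""
import json
import pwd
import re
import sys
from datetime import datetime, timezone

# type=TYPE msg=audit(SECONDS.MILLIS:SERIAL): rest-of-record
RECORD_RE = re.compile(r'^type=(\S+) msg=audit\((\d+)\.(\d+):(\d+)\):\s*(.*)$')
# key=value pairs: value is "double quoted", 'single quoted' or a bare token
FIELD_RE = re.compile(r"""(\w+)=("[^"]*"|'[^']*'|\S+)""")
# string fields the kernel hex-encodes (and leaves unquoted) when they hold odd bytes
HEX_FIELDS = {"proctitle", "name", "comm", "exe", "cmd", "data", "key", "acct", "cwd"}
ID_FIELDS = {"uid", "auid", "euid", "suid", "fsuid", "ouid"}

# Constructed sample: one 4-record file-open event and one userspace login record
SAMPLE = """\
type=SYSCALL msg=audit(1386727417.123:4521): arch=c000003e syscall=2 success=yes exit=3 a0=7ffd9c2e1a40 ppid=1 pid=2210 auid=1000 uid=0 gid=0 euid=0 comm="cat" exe="/bin/cat" key="etc-watch"
type=CWD msg=audit(1386727417.123:4521): cwd="/root"
type=PATH msg=audit(1386727417.123:4521): item=0 name="/etc/shadow" inode=1234 dev=fd:01 mode=0100000 ouid=0 ogid=42 rdev=00:00 nametype=NORMAL
type=PROCTITLE msg=audit(1386727417.123:4521): proctitle=636174002F6574632F736861646F77
type=USER_LOGIN msg=audit(1386727500.001:4522): pid=2300 uid=0 auid=1000 ses=4 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=10.0.0.5 addr=10.0.0.5 terminal=/dev/pts/1 res=success'
"""


def decode_value(field, raw, names):
    """Interpret one field value: strip quotes, decode hex strings, map uids to names."""
    if len(raw) >= 2 and raw[0] in "\"'" and raw[-1] == raw[0]:
        return raw[1:-1]
    if field in HEX_FIELDS and len(raw) % 2 == 0 and re.fullmatch(r"[0-9A-Fa-f]+", raw):
        # NUL separates argv entries in proctitle; ausearch -i shows it as a space
        return bytes.fromhex(raw).decode("utf-8", "replace").replace("\0", " ")
    if field in ID_FIELDS and raw.isdigit():
        return names.get(int(raw), raw)  # unknown ids (e.g. unset 4294967295) stay numeric
    return raw


def parse_record(line, names):
    """Parse one raw record; returns None for lines that are not audit records."""
    m = RECORD_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rtype, secs, ms, serial, rest = m.groups()
    when = datetime.fromtimestamp(int(secs), tz=timezone.utc).replace(microsecond=int(ms) * 1000)
    fields = {k: decode_value(k, v, names) for k, v in FIELD_RE.findall(rest)}
    if "msg" in fields:  # userspace records nest more key=value pairs inside msg='...'
        fields.update({k: decode_value(k, v, names) for k, v in FIELD_RE.findall(fields.pop("msg"))})
    return {"type": rtype, "time": when.isoformat(timespec="milliseconds"),
            "serial": int(serial), "fields": fields}


def events(lines, names=None):
    """Yield one event dict per audit serial; records of an event arrive consecutively."""
    names = names or {}
    current = None
    for line in lines:
        rec = parse_record(line, names)
        if rec is None:
            continue
        if current is None or rec["serial"] != current["serial"]:
            if current:
                yield current
            current = {"time": rec["time"], "serial": rec["serial"], "records": []}
        current["records"].append({"type": rec["type"], **rec["fields"]})
    if current:
        yield current


def main():
    # Resolve uids on the host, as ausearch -i does; the SIEM cannot do this remotely.
    names = {p.pw_uid: p.pw_name for p in pwd.getpwall()}
    for event in events(sys.stdin, names):
        sys.stdout.write(json.dumps(event) + "\n")
        sys.stdout.flush()  # plugins must not buffer, or events reach the shipper late


if __name__ == "__main__":
    main()
```

Run stand-alone as `python3 this.py < /var/log/audit/audit.log` to see the JSON lines; under audispd the same script is pointed at by a plugins.d configuration with `direction = out`, `format = string` and `path` set to the script, and whatever ships logs to the SIEM reads its stdout.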