capturing audit data with ausearch -i
Levy, Mark (ESS)
Mark.Levy at ngc.com
Tue Dec 10 22:17:26 UTC 2013
Hi,
We're trying to find a way to capture the Linux audit data and then pass it thru to ausearch -i and then send the data to our SIEM product for ingestion.
Does the audispd allow the ausearch -i to be used as an arg?
What would be the best way to attempt this?
We would be collecting from hundreds of Linux servers.
Thanks for your input.
Mark