Can't get syslog built-in plugin to post messages to syslog

Peter Butler PButler at pt.com
Tue Sep 10 05:42:00 UTC 2013


I can't get syslog built-in plugin to post messages to syslog.

My syslog.conf plugin file is:

active = yes
direction = out
path = builtin_syslog
type = builtin 
args = LOG_INFO LOG_LOCAL3
format = string

Presumably the file is indeed being parsed by the user-space audit daemon, as after having changed 'active' to 'yes' (and restarted the system), I see the audit daemon has started up the child process audispd, as required.

The audit daemon is indeed logging the audit logs to /var/log/audit/audit.log, but is not also sending them to syslog as configured.  

For what it's worth I am using rsyslog rather than syslog but I assume this makes no difference (?).

The rsyslog configuration for the audit logs is straightforward - the line in question being:

local3.*           /var/log/audit_trail

I assume my rsyslog is configured properly as I can send a message to LOG_LOCAL3 from the command-line using 'logger' and the message appears in /var/log/audit_trail.  But the audit logs never do.

I have the following packages installed:

audit-2.2.1-1
audispd-plugins-2.2.1-1
audit-libs-2.2.1-1
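
Added example (not part of the original post and not code from the audit project): a Python check that parses the plugin file quoted above, resolves its args into the facility, severity and PRI value a message would carry, and tests that against the rsyslog selector. The allowed option values, the function names and the simplified selector matching are assumptions of this example.

```python
SEVERITIES = dict(emerg=0, alert=1, crit=2, err=3, warning=4, notice=5, info=6, debug=7)
FACILITIES = {f"local{n}": 16 + n for n in range(8)}  # local0..local7 are codes 16..23
# Values assumed valid for each option in an audispd plugin file (assumption).
ALLOWED = {"active": {"yes", "no"}, "direction": {"in", "out"},
           "type": {"builtin", "always"}, "format": {"binary", "string"}}
# Constructed sample: the plugin file and rsyslog selector quoted in the post.
PLUGIN_CONF = """active = yes
direction = out
path = builtin_syslog
type = builtin
args = LOG_INFO LOG_LOCAL3
format = string
"""
RSYSLOG_SELECTOR = "local3.*"


def parse_plugin_conf(text):
    """Parse 'key = value' lines and return (settings, problems)."""
    settings, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        key, sep, value = (part.strip() for part in raw.partition("="))
        if not key or key.startswith("#"):
            continue
        if not sep or value not in ALLOWED.get(key, {value}):
            problems.append(f"line {lineno}: bad setting {raw.strip()!r}")
        settings[key] = value
    return settings, problems


def syslog_target(args):
    """Map args like 'LOG_INFO LOG_LOCAL3' to (facility, severity, PRI); None if unset."""
    facility = severity = None
    for word in args.split():
        name = word[4:].lower() if word.startswith("LOG_") else ""
        if name in FACILITIES:
            facility = name
        elif name in SEVERITIES:
            severity = name
        else:
            raise ValueError(f"unrecognised syslog argument: {word}")
    pri = FACILITIES[facility] * 8 + SEVERITIES[severity] if facility and severity else None
    return facility, severity, pri


def selector_matches(selector, facility, severity):
    """Match a simple 'facility.priority' selector (no '=', '!', ';' or 'none')."""
    sel_fac, _, sel_pri = selector.partition(".")
    if sel_fac not in ("*", facility):
        return False
    return sel_pri == "*" or SEVERITIES[severity] <= SEVERITIES[sel_pri]
```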





