Diskless workstation audit advice

Steve Grubb sgrubb at redhat.com
Tue May 27 15:24:44 UTC 2014

Previous message (by thread): Diskless workstation audit advice
Next message (by thread): Diskless workstation audit advice
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tuesday, May 27, 2014 06:39:36 AM Burn Alting wrote:
> My question is:
> To collect AND transmit audit until the last possible moment, is the
> logical place to perform the last collection and transmission operation
> within the 'stop' function of /etc/init.d/auditd ?
> 
> The enrichment (calling ausearch -i) rules out syslog.

For sysVinit systems, yes.

-Steve

Previous message (by thread): Diskless workstation audit advice
Next message (by thread): Diskless workstation audit advice
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Linux-audit mailing list