Diskless workstation audit advice

Burn Alting burn at swtf.dyndns.org
Tue May 27 21:09:09 UTC 2014


Thanks Steve.

On Tue, 2014-05-27 at 11:24 -0400, Steve Grubb wrote:
> On Tuesday, May 27, 2014 06:39:36 AM Burn Alting wrote:
> > My question is:
> > To collect AND transmit audit until the last possible moment, is the
> > logical place to perform the last collection and transmission operation
> > within the 'stop' function of /etc/init.d/auditd ?
> > 
> > The enrichment (calling ausearch -i) rules out syslog.
> 
> For sysVinit systems, yes.
> 
> -Steve




