Remote logging with autitd
Wouter van Verre
woutervanverre at outlook.com
Sun Nov 2 22:09:11 UTC 2014
That fixed that issue.
Many thanks!
I'm going to have a look at implementing the plugin tomorrow.
Cheers!
Date: Sun, 2 Nov 2014 15:25:50 -0600
From: lenny at magitekltd.com
To: linux-audit at redhat.com
Subject: Re: Remote logging with autitd
On 11/02/2014 03:16 PM, Wouter van
Verre wrote:
Hi Steve,
Many thanks for your response.
I will be reading the presentation and the examples in the
tarball and go from there for implementing my processing plugin.
Regarding the logging to disk on the central server:
I have node names set up for both servers now and am now getting
the following behaviour:
On the client server I can see the events being prefixed with
node=Elephant in the log on that server.
On the central server I can see that local events are being
prefixed with node=Mongoose.
However, events that were sent to the central server by the
client server show up in the central server's log with
node=localhost.localdomain. So it seems that the node
information gets lost between the client and central server?
Would you have any idea why the node information is lost?
Many thanks,
Wouter
Check /etc/audisp/audispd.conf on your client.
Look at the line with "name_format=" and it probably says
"hostname" (case insensitive).
Test this by checking "% hostname" command on your client.
See the audispd.conf man page for more info.
LCB
--
LC (Lenny) Bruzenak
lenny at magitekltd.com
--
Linux-audit mailing list
Linux-audit at redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20141102/af97942a/attachment.htm>
More information about the Linux-audit
mailing list