Changing Syslog facility

Fri Sep 19 15:39:12 UTC 2014

On Friday, September 19, 2014 04:14:44 PM Marcus Inskip wrote:
> I’m trying to change the logging facility of audispd to local2 to send logs
> off to a remote server via Rsyslog without logging twice is this possible?

The audisp-syslog plugin should do it. Just open 
/etc/audisp/plugins.d/syslog.conf and add LOCAL2 to the args line. Then enable 
the module and restart the audit daemon.

-Steve