Centralized Logging question #2
Warron S French
warron.s.french at aero.org
Thu Apr 28 19:55:13 UTC 2016
If I centralize audit logging through rsyslog, and I have each of the remote machines' /etc/rsyslog.conf to use the same generic audit.log file name instead of customizing the audit logs with something like; HOSTNAME-audit.log, because ausearch apparently only looks for a file specifically of the format audit.log...
Will the log-data submitted from the various hosts be consolidated into a single file? Will the ausearch command then be usable with the -if argument?
Warron French, MBA, SCSA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20160428/69019bcc/attachment.htm>
More information about the Linux-audit
mailing list