LOG_WARN or LOG_WARNING?
leam hall
leamhall at gmail.com
Tue Oct 4 16:00:48 UTC 2016
On Tue, Oct 4, 2016 at 11:51 AM, Ryan Sawhill <rsawhill at redhat.com> wrote:
> On Tue, Oct 4, 2016 at 11:29 AM, leam hall <leamhall at gmail.com> wrote:
>
>> If I put "audit.none" in /etc/rsyslog.conf for the /var/log/messages
>> line, it prevents audisp from logging there even though audisp to syslog is
>> turned on.
>>
>
> I find that hard to believe, since "audit" is not a facility name and
> that's what rsyslog is expecting and the message I wrote IS what rsyslog
> prints when you give an invalid facility name, but okay.
>
I found it odd as well, but it does seem to work.
> All that said, if you really want to send audit records to a central host,
> I hope you've at least considered using auditd's own native functionality.
>
Wasn't aware of it. Pointer to a doc?
Thanks!
Leam
--
Mind on a Mission <http://leamhall.blogspot.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20161004/13c74cc3/attachment.htm>
More information about the Linux-audit
mailing list