audit logs to remote syslog?

John Jasen jjasen at gmail.com
Fri Jan 6 01:41:48 UTC 2017


I'm currently using audisp with the syslog plugin to send audit logs off
to a remote server for reduction and archiving, which, for the most part,
works reasonably well.

I understand auditd has its own facility for sending to a remote auditd
collector, but haven't played with it. I've also considered using
rsyslog with an imfile directive for /var/log/audit/audit.log.

I'm sure there are options I've not considered -- what are other folks
doing?






More information about the Linux-audit mailing list