Help with auditd.conf
Scott R. Ehrlich
scott at MIT.EDU
Mon Apr 28 18:40:31 UTC 2008
Hello to all:
I have Snare Agent and audit 1.5.2 running on a CentOS 5.0 box. I
ideally would like audit logs to be sent to both the system's local
audit.log file and to the log server. I reviewed the
/etc/audit/auditd.conf file and tried to play with things and move things
around, but an active watch of my log server's /var/log/syslog and local
machine's audit.log does NOT show simultaneous activity, leading me to
think it is either one method or the other, and that simultaneous local
and remote logging is not possible.
Is there a way to get both?
Thanks.
Scott
More information about the redhat-list
mailing list