Central logging and audit.log

Marcos Aurelio Rodrigues deigratia33 at gmail.com
Wed Apr 23 16:54:24 UTC 2008


Hi Scott,

A suggestion: why don't you try a tool like ossec (www.ossec.net)? You can
centralize your logs and create policies to read any log you want.


-- 
========================================
Marcos Aurelio Rodrigues (DEiGrAtiA-33)
<deigratia33 at gmail.com>
CCNA, MCSO, Security+
Mirabilia laudo semprer, Dei
========================================



On Wed, Apr 23, 2008 at 1:33 PM, Scott R. Ehrlich <scott at mit.edu> wrote:

> I am looking at using all in-house tools (syslog.conf,
> /etc/sysconfig/syslog, and gnome-log-viewer or have the log file go to a
> web-accessed file), with everything being logged to /var/log/master_log_file
> or /var/www/master_log_file.
>
> What the master_log_file doesn't capture are the entries in audit.log. If
> I use the viewer to review audit.log, I get the raw date/time stamp format,
> which is not human readable.
>
> So, how can I get audit.log (from all clients) details to pipe (really
> also get copied) to the master_log_file, and, along the way, be properly
> interpreted by ausearch -i so I can actually tell the proper date/time of
> the entries?
>
> Thanks.
>
> Scott
>
>
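The timestamp problem raised in the quoted question, as an added example that is not part of the original thread: raw audit.log records carry `msg=audit(<epoch>.<ms>:<serial>)`, and this sketch rewrites that stamp into readable UTC time and groups records by event serial before they are copied to a central log. It only converts the timestamp (`ausearch -i` also interprets other numeric fields); the host tag, function names and sample records are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Raw audit records carry "msg=audit(<epoch>.<ms>:<serial>)".
AUDIT_STAMP = re.compile(r"msg=audit\((\d+)\.(\d{3}):(\d+)\)")

def humanize(line, host="client1"):
    """Return (readable_line, serial), or (line, None) if no audit stamp."""
    m = AUDIT_STAMP.search(line)
    if m is None:
        # Pass through anything that is not an audit record, unchanged.
        return line.rstrip("\n"), None
    secs, millis, serial = m.groups()
    # Keep milliseconds as text to avoid float rounding of the epoch value.
    when = datetime.fromtimestamp(int(secs), tz=timezone.utc)
    stamp = f"{when:%Y-%m-%d %H:%M:%S}.{millis} UTC"
    body = line[:m.start()] + f"msg=audit({stamp}:{serial})" + line[m.end():]
    # Prefix a hypothetical host tag so entries from many clients stay distinct.
    return f"{host} audit: {body.rstrip()}", int(serial)

def group_events(lines, host="client1"):
    """Group readable records by event serial; one event spans several records."""
    events = {}
    for line in lines:
        text, serial = humanize(line, host)
        events.setdefault(serial, []).append(text)
    return events

# Constructed sample records (not from a real system).
SAMPLE = [
    'type=SYSCALL msg=audit(1208969664.123:456): arch=40000003 syscall=5 success=yes exe="/bin/cat"',
    'type=PATH msg=audit(1208969664.123:456): name="/etc/shadow" inode=1234',
    'type=USER_LOGIN msg=audit(1208969700.001:457): user pid=2100 uid=0 res=success',
    'not an audit record',
]

if __name__ == "__main__":
    for serial, records in group_events(SAMPLE).items():
        for rec in records:
            print(rec)
```

Each printed line can then be handed to the local syslog daemon (for example through `logger`) so it follows the same forwarding rules as the rest of the master log.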


