|AUDISP-REMOTE(8)||System Administration Utilities||AUDISP-REMOTE(8)|
audisp-remote - plugin for remote logging
audisp-remote is a plugin for the audit event dispatcher that preforms remote logging to an aggregate logging server.
If you are aggregating multiple machines, you should edit auditd.conf to set the name_format to something meaningful and the log_format to enriched. This way you can tell where the event came from and have the user name and groups resolved locally before it is sent off of the machine.
- Causes the audisp-remote program to write the value of some of its internal flags to syslog. The suspend flag tells whether or not logging has been suspended. The remote_ended flag tells if the connection was broken by the server saying it can't log events. The transport_ok flag tells whether or not the connection to the remote server is healthy. The queue_size tells how many records are enqueued to be sent to the remote server.
- Causes the audisp-remote program to resume logging if it were suspended due to an error.
/etc/audit/audisp-remote.conf /etc/audit/plugins.d/au-remote.conf /etc/audit/auditd.conf
|August 2018||Red Hat|