SIMPLE SOLUTIONS

AUDISP-REMOTE(8) - man page online | administration and privileged commands

Plugin for remote logging.

Chapter
Apr 2011
AUDISP-REMOTE:(8)                System Administration Utilities                AUDISP-REMOTE:(8)

NAME audisp-remote - plugin for remote logging
SYNOPSIS audisp-remote
DESCRIPTION audisp-remote is a plugin for the audit event dispatcher daemon, audispd, that preforms remote logging to an aggregate logging server.
TIPS If you are aggregating multiple machines, you should enable node information in the audit event stream. You can do this in one of two places. If you want computer node names writ‐ ten to disk as well as sent in the realtime event stream, edit the name_format option in /etc/audit/auditd.conf. If you only want the node names in the realtime event stream, then edit the name_format option in /etc/audisp/audispd.conf. Do not enable both as it will put 2 node fields in the event stream.
SIGNALS SIGUSR1 Causes the audisp-remote program to write the value of some of its internal flags to syslog. The suspend flag tells whether or not logging has been suspended. The transport_ok flag tells whether or not the connection to the remote server is healthy. The queue_size tells how many records are enqueued to be sent to the remote server. SIGUSR2 Causes the audisp-remote program to resume logging if it were suspended due to an error.
FILES /etc/audisp/plugins.d/au-remote.conf, /etc/audit/auditd.conf, /etc/audisp/audispd.conf, /etc/audisp/audisp-remote.conf
SEE ALSO audispd(8), auditd.conf(8), audispd.conf(8), audisp-remote.conf(5).
AUTHOR Steve Grubb
Red Hat Apr 2011 AUDISP-REMOTE:(8)
This manual Reference Other manuals
audisp-remote(8) referred by audisp-remote.conf(5)
refer to audisp-remote.conf(5) | audispd(8)