Help with auditd.conf
Scott Ehrlich
scott at MIT.EDU
Tue Apr 29 18:23:34 UTC 2008
Hello to all:
I have Snare Agent and audit 1.5.2 running on a CentOS 5.0 box and a RHEL
5.0 server. I ideally would like audit logs to be sent to both the
system's local audit.log file and to a log server. I reviewed the
/etc/audit/auditd.conf file and tried to play with things and move things
around, but an active watch of my log server's /var/log/syslog and local
machine's audit.log does NOT show simultaneous activity, leading me to
think it is either one way or the other, and that simultaneous local and
remote logging is not possible.
Is there a way to get both?
Thanks.
Scott
More information about the Linux-audit
mailing list