audisp-prelude problems

Steve Grubb sgrubb at redhat.com
Wed Dec 3 17:02:42 UTC 2008


On Wednesday 03 December 2008 11:53:19 Loredan Stancu wrote:
> Supposing the remote system is an SELinux machine (a machine which stores
> all the user activity sent by audisp-remote plugins. There is more than
> one machine for which I want to store events), what should I do on this
> machine to keep separate file events for each machine?

The current design of the audit system is to aggregate all logs in a unified
format. Ausearch and report are node aware and can separate records based on
the originating node.

ausearch --start today --node 192.168.1.1

This of course assumes that you took the step of selecting a node name in 
/etc/audisp/audispd.conf. :)

-Steve
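
One way to get the per-machine files asked about above, shown as an added example that is not part of the original post or the audit project's code: split an aggregated log on the leading node= field. It assumes each sender prefixes its records with node=<name>; the sample records, the bucket names and the helper names are constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import Path

# Records carry a leading "node=<name> " once the sender has a node name set.
NODE_RE = re.compile(r"^node=(\S+) ")
UNSAFE = re.compile(r"[^A-Za-z0-9._-]")

def safe_name(node):
    """Make a node value usable as a file name; it is supplied by a remote host."""
    name = UNSAFE.sub("_", node).lstrip(".")
    return name or "unnamed"

def split_by_node(lines):
    """Group raw audit records by originating node, keeping their order."""
    buckets = defaultdict(list)
    for line in lines:
        line = line.rstrip("\n")
        if not line:
            continue
        m = NODE_RE.match(line)
        # Records without a node field (sender has no node name) are kept apart.
        key = safe_name(m.group(1)) if m else "no-node"
        buckets[key].append(line)
    return dict(buckets)

def write_buckets(buckets, outdir):
    """Append each node's records to <outdir>/<node>.log and return the paths."""
    outdir = Path(outdir)
    outdir.mkdir(parents=True, exist_ok=True)
    paths = {}
    for node, records in buckets.items():
        path = outdir / f"{node}.log"
        with path.open("a") as fh:
            fh.write("\n".join(records) + "\n")
        paths[node] = path
    return paths

# Constructed sample records, not taken from a real system.
SAMPLE = [
    "node=192.168.1.1 type=USER_LOGIN msg=audit(1228323762.101:510): pid=2101 uid=0 res=success",
    "node=192.168.1.2 type=SYSCALL msg=audit(1228323763.220:87): arch=c000003e syscall=2 success=yes",
    "node=192.168.1.1 type=USER_END msg=audit(1228323790.004:511): pid=2101 uid=0 res=success",
    "type=DAEMON_START msg=audit(1228323700.000:1): auditd start",
    "node=../../tmp/x type=USER_LOGIN msg=audit(1228323800.000:9): pid=1 uid=0 res=failed",
]

if __name__ == "__main__":
    for node, records in split_by_node(SAMPLE).items():
        print(node, len(records))
```

The aggregated log stays the authoritative copy; the per-node files are a convenience view, and records landing in no-node point at a sender whose node name was never configured.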