audisp-prelude problems
Steve Grubb
sgrubb at redhat.com
Wed Dec 3 17:34:11 UTC 2008
On Wednesday 03 December 2008 12:17:46 LC Bruzenak wrote:
> MY favorite: ask Steve how to make the aggregating side flexible in
> this regard.
Why did I know this was coming? :)
> We may need a BZ filed or a consensus about what is important on this list. I
> also would like a separation based on time to allow for an easier
> archive/restore capability
There is a cron script shipped but not installed that can do the right thing.
> ...and maybe that built in if possible! Separation based on node is also a
> potential "good thing".
The main problem is that once it's separated, ausearch/report don't know how to
put it back together again. The current algorithm is a simple number index and
ausearch, aureport, and even auparse know how to find the files in the right
order to make sense of it.
-Steve