question on syslog-ng and auditd
larry.erdahl at usbank.com
Wed Oct 26 19:12:44 UTC 2011
I want to send my auditd messages to our local log collector via
syslog-ng, what is the recommended way of doing this? Can I enter
syslog-ng as the dispatcher or do I need to first send the logs to disk
then read from the audit.log file? I have no reason to store these
messages on disk. This might be out of the realm of this group, but any
syslog-ng config recommendation would be appreciated.
As you can see from my question I'm a novice when it comes to auditd and
syslog-ng. I've read all resource materials found in
/usr/share/doc/packages/audit and googled a lot of good information and
have learned a great deal from monitoring this forum, but I'm still
struggling with auditd. Does anyone know if Red Hat or anyone else offers
training for auditd or can you recommend any books that might help?
Thanks...
Larry E. Erdahl
Information Security Services
Computer Security Incident Response Team (CSIRT)
1 Meridian Crossing
Richfield, MN 55423
Mail Code: EP-MN-MS6I
Office Phone: (612)973-7153
More information about the Linux-audit mailing list