Sending audit logs to remote syslog

Hi,
I'm trying to get audisp to forward logs to a remote syslog server, 
using the au-remote plugin.

Is there any way to make this work directly, or is my only choice to go 
through the local syslog and forward from there?

With the below settings I can indeed get the stop/start messages of 
audit in my remote syslog, though slightly garbled, but nothing else. 
Presumably it recognizes the failure and gives up?

And no, unfortunately I can't use auditd to listen on the remote host, 
it has to be syslog.

au-remote.conf:
active = yes
direction = out
path = /sbin/audisp-remote
type = always
format = string

audisp-remote.conf:
remote_server = <remote server name>
port = 514
transport = tcp
mode = immediate
queue_depth = 200
format = managed
network_retry_time = 1
max_tries_per_record = 3
max_time_per_record = 5
heartbeat_timeout = 0
network_failure_action = stop
disk_low_action = ignore
disk_full_action = ignore
disk_error_action = syslog
remote_ending_action = suspend
generic_error_action = syslog
generic_warning_action = syslog
enable_krb5 = no
krb5_client_name = auditd


-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines