From: Matthew Booth <mbooth@redhat.com>
To: linux-audit@redhat.com
Subject: Auditd 1.0.15 in RHEL4 U4
Date: Mon, 12 Feb 2007 13:54:20 +0000
Message-ID: <1171288460.4760.10.camel@localhost.localdomain>

I have a requirement to stream audit logs from RHEL 4. The product will
have to be deployed before RHEL 4.5 is likely to be released, so I
expect I will have to import the 4.5 rpm into U4. Will this work without
any other 4.5 updates?

Also, I had a quick flick through the dispatcher example. I note that
it's shipping binary logs. This is great from a storage POV, however it
wasn't clear to me how this would tie in with the existing audit tools.
If I simply dump the binary data to a file, can I easily:

* Turn it into text?
* Process it with aureport/ausearch?

Also, that you're aware of, has anybody already implemented the simplest
possible centralised log server, i.e.:

* Stream uncompressed, unencrypted, unauthenticated audit logs to server
* Write 1 log file per client audit daemon
* Rotate on signal, respecting message boundaries

I'll be writing this if not.

Thanks,

Matt
-- 
Red Hat, Global Professional Services

M:       +44 (0)7977 267231
GPG ID:  D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490
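
The per-client file and boundary-safe rotation points from the list above, as an added example that is not part of the original message or of the audit package. It assumes newline-terminated text records (the binary dispatcher format is not described here); `ClientLog`, `MAX_RECORD` and the `.log.N` naming are hypothetical.

```python
import os

MAX_RECORD = 8192  # assumed cap on one record; bounds memory held per client


class ClientLog:
    """One log file per client; rotation only happens between whole records."""

    def __init__(self, directory, client_id):
        # client_id becomes a file name, so reject anything that could traverse.
        ok = client_id and all(c.isalnum() or c in "-_." for c in client_id)
        if not ok or client_id.startswith("."):
            raise ValueError("unsafe client id: %r" % client_id)
        self.path = os.path.join(directory, client_id + ".log")
        self.fh = open(self.path, "ab")
        self.partial = b""           # tail of a record still in flight
        self.rotate_pending = False
        self.generation = 0

    def request_rotate(self):
        # Signal-handler safe: only sets a flag, the I/O happens in feed().
        self.rotate_pending = True

    def _rotate(self):
        self.fh.close()
        self.generation += 1
        os.replace(self.path, "%s.%d" % (self.path, self.generation))
        self.fh = open(self.path, "ab")
        self.rotate_pending = False

    def feed(self, chunk):
        """Accept raw bytes from the socket; write only complete records."""
        *records, self.partial = (self.partial + chunk).split(b"\n")
        for record in records:
            if self.rotate_pending:
                self._rotate()       # file currently ends on a record boundary
            self.fh.write(record + b"\n")
        self.fh.flush()
        # An unauthenticated sender must not be able to grow the buffer forever.
        if len(self.partial) > MAX_RECORD:
            raise ValueError("record exceeds MAX_RECORD; drop this client")

    def close(self):
        self.fh.close()
```

A caller would hook `request_rotate()` to the rotation signal and call `feed()` with whatever each `recv()` returns; a record split across two reads still lands whole in a single file.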
