From: Greg Herrmann <herrmag@yahoo.com>
To: Ed Christiansen <edwardc@ll.mit.edu>
Cc: "linux-audit@redhat.com" <linux-audit@redhat.com>
Subject: Re: Help with auditd.conf
Date: Tue, 29 Apr 2008 11:43:46 -0700 (PDT)
Message-ID: <473394.54274.qm@web38108.mail.mud.yahoo.com>
In-Reply-To: <48176B07.8050100@ll.mit.edu>
Which version of Snare are you running? If it's on an RHEL 5 server, I would assume version 1.3. If so, shouldn't you be modifying /etc/snare.conf in order to do this?
Ed Christiansen <edwardc@ll.mit.edu> wrote:
Do you REALLY want to do this? Your filesystem will just have more
space taken up with duplicate information.
Scott Ehrlich wrote:
> Hello to all:
>
> I have Snare Agent and audit 1.5.2 running on a CentOS 5.0 box and a RHEL
> 5.0 server. I ideally would like audit logs to be sent to both the
> system's local audit.log file and to a log server. I reviewed the
> /etc/audit/auditd.conf file and tried to play with things and move things
> around, but an active watch of my log server's /var/log/syslog and local
> machine's audit.log does NOT show simultaneous activity, leading me to
> think it is either one way or the other, and that simultaneous local and
> remote logging is not possible.
>
> Is there a way to get both?
>
> Thanks.
>
> Scott
>
> --
> Linux-audit mailing list
> Linux-audit@redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
Thread overview: 6+ messages
2008-04-29 18:23 Help with auditd.conf Scott Ehrlich
2008-04-29 18:37 ` Ed Christiansen
2008-04-29 18:43 ` Greg Herrmann [this message]
2008-04-29 19:51 ` Kevin Boyce
2008-04-29 19:01 ` Tony Jones
2008-04-29 18:56 ` Steve Grubb