From: Dan Gruhn <Dan.Gruhn@groupw.com>
To: linux-audit@redhat.com
Subject: Central Audit Server with Prelude and Prewikka - RHEL5
Date: Fri, 13 Feb 2009 15:11:26 -0500
Message-ID: <4995D3EE.3020005@groupw.com>
In-Reply-To: <499460FF.3050400@groupw.com>

Greetings,

I have a 64 bit EL 5.2 system that I have built and installed all of the
necessary packages for the latest audit (1.7.11-1), prelude and prewikka.
This all seems to be working fine on the central cluster server and I
have set up a client in a cluster node to report its audit information
to the server. This seems to be working in that I see both the master
and the node reporting their information in the master's
/var/log/messages and /var/log/audit/audit.log. I still have an issue
with SELinux and the port connection, but I'm running in permissive mode
for now.

I'm using Prelude and Prewikka to view events and I see the master as a
sensor/source and its events, but I don't see the node. I thought that
once the audit/syslog information was making it to the central files the
rest would also work but that doesn't seem to be the case.

Steve's "Audit + Prelude HOWTO" has been quite helpful, but it describes
putting the client and server all on one machine (which I have working)
and I'm just not getting what to change to add another client. I don't
have prelude-manager running on the client, but it seems as though I
don't need that. Could someone give me a pointer on where to look for
the problem?

Thanks,

Dan