From: LC Bruzenak
Subject: Re: audisp-remote and audisp-prelude question
Date: Tue, 24 Mar 2009 12:30:28 -0500
To: Sebastien Tricaud
Cc: Linux Audit

On Tue, 2009-03-24 at 17:55 +0100, Sebastien Tricaud wrote:
> On Tue, 2009-03-24 at 11:29 -0500, LC Bruzenak wrote:
> >
> > However, logins on the remote machine which are sent to the collector
> > log do not make it into the prelude DB (at least prewikka doesn't show
> > them). I have no prewikka filters and I have the prewikka viewer set to
> > "1 day".
>
> Hi,
>
> can you see events coming to prelude-manager when running:
> prelude-manager --debug
>
> ?
>
> Thanks,
> Sebastien.
>

Sebastien,

Thanks for the reply.
I do not see it getting into the prelude-manager.
I also did a local login so I could see one which worked and the alert came through in that case.

LCB.

--
LC (Lenny) Bruzenak
lenny@magitekltd.com