From: LC Bruzenak
Subject: Re: Interpreting fields in audisp-remote
Date: Tue, 29 Mar 2011 21:49:43 -0500
Message-ID: <1301453383.2168.59.camel@lcb>
To: Dmitry Krivitsky
Cc: Linux Audit
List-Id: linux-audit@redhat.com

On Tue, 2011-03-29 at 21:07 -0400, Dmitry Krivitsky wrote:
> Hi,
>
> I am trying to configure audisp-remote on several servers to send
> audit logs to a central server.
> Is there any way to configure audisp-remote to resolve numerical user ids,
> system call numbers, etc., before sending them to the central server?
> The central server may have a different list of users, different version of
> Linux, etc., so resolving them later on the central server may not work.
>
> Thanks,
> Dmitry Krivitsky
>

Funny; I looked back and I asked about this just over 2 years ago. :)

With the new store and forward patch set from Mirek I would think this
would be almost required. Without having been through the patches yet
though I don't know if it was included.

LCB

--
LC (Lenny) Bruzenak
lenny@magitekltd.com