Interpreting fields in audisp-remote

public inbox for linux-audit@redhat.com
 help / color / mirror / Atom feed

* Interpreting fields in audisp-remote
@ 2011-03-30  1:07 Dmitry Krivitsky
  2011-03-30  2:49 ` LC Bruzenak
  2011-03-30  2:56 ` Steve Grubb
  0 siblings, 2 replies; 3+ messages in thread
From: Dmitry Krivitsky @ 2011-03-30  1:07 UTC (permalink / raw)
  To: linux-audit

Hi,

I am trying to configure audisp-remote on several servers to send 
audit logs 
to a central server.
Is there any way to configure 
audisp-remote to resolve numerical user ids, 
system call numbers, etc., 
before sending them to the central server?
The central server may have a 
different list of users, different version of 
Linux, etc., so resolving them 
later on the central server may not work.

Thanks,
Dmitry Krivitsky

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Interpreting fields in audisp-remote
  2011-03-30  1:07 Interpreting fields in audisp-remote Dmitry Krivitsky
@ 2011-03-30  2:49 ` LC Bruzenak
  2011-03-30  2:56 ` Steve Grubb
  1 sibling, 0 replies; 3+ messages in thread
From: LC Bruzenak @ 2011-03-30  2:49 UTC (permalink / raw)
  To: Dmitry Krivitsky; +Cc: Linux Audit

On Tue, 2011-03-29 at 21:07 -0400, Dmitry Krivitsky wrote:
> Hi,
> 
> I am trying to configure audisp-remote on several servers to send 
> audit logs 
> to a central server.
> Is there any way to configure 
> audisp-remote to resolve numerical user ids, 
> system call numbers, etc., 
> before sending them to the central server?
> The central server may have a 
> different list of users, different version of 
> Linux, etc., so resolving them 
> later on the central server may not work.
> 
> Thanks,
> Dmitry Krivitsky
> 

Funny; I looked back and I asked about this just over 2 years ago.
:)

With the new store and forward patch set from Mirek I would think this
would be almost required. Without having been through the patches yet
though I don't know if it was included.

LCB

-- 
LC (Lenny) Bruzenak
lenny@magitekltd.com

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Interpreting fields in audisp-remote
  2011-03-30  1:07 Interpreting fields in audisp-remote Dmitry Krivitsky
  2011-03-30  2:49 ` LC Bruzenak
@ 2011-03-30  2:56 ` Steve Grubb
  1 sibling, 0 replies; 3+ messages in thread
From: Steve Grubb @ 2011-03-30  2:56 UTC (permalink / raw)
  To: linux-audit

On Tuesday, March 29, 2011 09:07:12 pm Dmitry Krivitsky wrote:
> I am trying to configure audisp-remote on several servers to send
> audit logs to a central server. Is there any way to configure
> audisp-remote to resolve numerical user ids, system call 
> numbers, etc., before sending them to the central server?

Not yet.

-Steve

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2011-03-30  2:56 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-03-30  1:07 Interpreting fields in audisp-remote Dmitry Krivitsky
2011-03-30  2:49 ` LC Bruzenak
2011-03-30  2:56 ` Steve Grubb

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox