public inbox for linux-audit@redhat.com
* Changing Syslog facility
@ 2014-09-19 15:14 Marcus Inskip
  2014-09-19 15:25 ` Marcus Inskip
  2014-09-19 15:39 ` Steve Grubb
  0 siblings, 2 replies; 3+ messages in thread
From: Marcus Inskip @ 2014-09-19 15:14 UTC (permalink / raw)
  To: linux-audit; +Cc: parryben

Hi,

I’m trying to change the logging facility of audispd to local2 to send logs off to a remote server via Rsyslog without logging twice. Is this possible?

Many thanks in advance,

Marcus

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Changing Syslog facility
  2014-09-19 15:14 Changing Syslog facility Marcus Inskip
@ 2014-09-19 15:25 ` Marcus Inskip
  2014-09-19 15:39 ` Steve Grubb
  1 sibling, 0 replies; 3+ messages in thread
From: Marcus Inskip @ 2014-09-19 15:25 UTC (permalink / raw)
  To: linux-audit; +Cc: parryben



Apologies: 

O/S: Redhat 6.5 
Rsyslog: 5.8.10-8
AuditD:  2.2-2



On 19 Sep 2014, at 16:14, Marcus Inskip <marcus.inskip@icloud.com> wrote:

> Hi,
> 
> I’m trying to change the logging facility of audispd to local2 to send logs off to a remote server via Rsyslog without logging twice. Is this possible?
> 
> Many thanks in advance,
> 
> Marcus
> 
> --
> Linux-audit mailing list
> Linux-audit@redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit



^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Changing Syslog facility
  2014-09-19 15:14 Changing Syslog facility Marcus Inskip
  2014-09-19 15:25 ` Marcus Inskip
@ 2014-09-19 15:39 ` Steve Grubb
  1 sibling, 0 replies; 3+ messages in thread
From: Steve Grubb @ 2014-09-19 15:39 UTC (permalink / raw)
  To: linux-audit; +Cc: parryben

On Friday, September 19, 2014 04:14:44 PM Marcus Inskip wrote:
> I’m trying to change the logging facility of audispd to local2 to send logs
> off to a remote server via Rsyslog without logging twice. Is this possible?

The audisp-syslog plugin should do it. Just open 
/etc/audisp/plugins.d/syslog.conf and add LOCAL2 to the args line. Then enable 
the module and restart the audit daemon.

-Steve


^ permalink raw reply	[flat|nested] 3+ messages in thread
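
The edit described in the reply above, written as a script. This is an added example, not part of the thread or of the audit project's code. It assumes the facility keyword the plugin accepts is spelled LOG_LOCAL2 (the reply writes it as LOCAL2); the function name and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: the facility keyword the
# plugin accepts is LOG_LOCAL2 (the reply above writes it as LOCAL2).
FACILITY="LOG_LOCAL2"

# set_audisp_facility FILE
# Sets "active = yes" and makes $FACILITY the only LOG_LOCALn on the args line.
# Safe to run repeatedly: a second run leaves the file unchanged.
set_audisp_facility() {
    conf="$1"
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -v fac="$FACILITY" '
        /^[ \t]*active[ \t]*=/ { print "active = yes"; next }
        /^[ \t]*args[ \t]*=/ {
            seen = 1
            line = $0
            gsub(/[ \t]*LOG_LOCAL[0-7]/, "", line)  # drop any earlier facility
            sub(/[ \t]+$/, "", line)
            print line " " fac
            next
        }
        { print }
        END { if (!seen) print "args = " fac }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$conf"
    rm -f "$tmp"
}

# Demo on a constructed copy of the plugin file (not the live /etc/audisp one).
demo() {
    sample=$(mktemp) || return 1
    printf '%s\n' 'active = no' 'direction = out' 'path = builtin_syslog' \
        'type = builtin' 'args = LOG_INFO' 'format = string' > "$sample"
    set_audisp_facility "$sample" && cat "$sample"
    rm -f "$sample"
}
demo
```

To apply it for real, call `set_audisp_facility /etc/audisp/plugins.d/syslog.conf` as root and then restart the audit daemon, as the reply says.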
