* Changing Syslog facility
@ 2014-09-19 15:14 Marcus Inskip
2014-09-19 15:25 ` Marcus Inskip
2014-09-19 15:39 ` Steve Grubb
0 siblings, 2 replies; 3+ messages in thread
From: Marcus Inskip @ 2014-09-19 15:14 UTC (permalink / raw)
To: linux-audit; +Cc: parryben
Hi,
I’m trying to change the logging facility of audispd to local2 to send logs off to a remote server via Rsyslog without logging twice is this possible?
Many thanks in advance,
Marcus
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Changing Syslog facility
2014-09-19 15:14 Changing Syslog facility Marcus Inskip
@ 2014-09-19 15:25 ` Marcus Inskip
2014-09-19 15:39 ` Steve Grubb
1 sibling, 0 replies; 3+ messages in thread
From: Marcus Inskip @ 2014-09-19 15:25 UTC (permalink / raw)
To: linux-audit; +Cc: parryben
[-- Attachment #1.1: Type: text/plain, Size: 486 bytes --]
Apologies:
O/S: Redhat 6.5
Rsyslog: 5.8.10-8
AuditD: 2.2-2
On 19 Sep 2014, at 16:14, Marcus Inskip <marcus.inskip@icloud.com> wrote:
> Hi,
>
> I’m trying to change the logging facility of audispd to local2 to send logs off to a remote server via Rsyslog without logging twice is this possible?
>
> Many thanks in advance,
>
> Marcus
>
> --
> Linux-audit mailing list
> Linux-audit@redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
[-- Attachment #1.2: Type: text/html, Size: 1113 bytes --]
[-- Attachment #2: Type: text/plain, Size: 0 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Changing Syslog facility
2014-09-19 15:14 Changing Syslog facility Marcus Inskip
2014-09-19 15:25 ` Marcus Inskip
@ 2014-09-19 15:39 ` Steve Grubb
1 sibling, 0 replies; 3+ messages in thread
From: Steve Grubb @ 2014-09-19 15:39 UTC (permalink / raw)
To: linux-audit; +Cc: parryben
On Friday, September 19, 2014 04:14:44 PM Marcus Inskip wrote:
> I’m trying to change the logging facility of audispd to local2 to send logs
> off to a remote server via Rsyslog without logging twice is this possible?
The audisp-syslog plugin should do it. Just open
/etc/audisp/plugins.d/syslog.conf and add LOCAL2 to the args line. Then enable
the module and restart the audit daemon.
-Steve
--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2014-09-19 15:39 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-09-19 15:14 Changing Syslog facility Marcus Inskip
2014-09-19 15:25 ` Marcus Inskip
2014-09-19 15:39 ` Steve Grubb
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox