From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ed Christiansen Subject: Re: Help with auditd.conf Date: Tue, 29 Apr 2008 14:37:59 -0400 Message-ID: <48176B07.8050100@ll.mit.edu> References: Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Return-path: Received: from mx3.redhat.com (mx3.redhat.com [172.16.48.32]) by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id m3TIfSjs024046 for ; Tue, 29 Apr 2008 14:41:28 -0400 Received: from ll.mit.edu (LLMAIL1.LL.MIT.EDU [129.55.12.41]) by mx3.redhat.com (8.13.8/8.13.8) with ESMTP id m3TIf6UC022742 for ; Tue, 29 Apr 2008 14:41:06 -0400 Received: (from smtp@localhost) by ll.mit.edu (8.12.10/8.8.8) id m3TIewUo011433 for ; Tue, 29 Apr 2008 14:40:58 -0400 (EDT) In-Reply-To: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com Cc: "linux-audit@redhat.com" List-Id: linux-audit@redhat.com Do you REALLY want to do this? your filesystem will just have more space taken up with duplicate information. Scott Ehrlich wrote: > Hello to all: > > I have Snare Agent and audit 1.5.2 running on a CentOS 5.0 box and a RHEL > 5.0 server. I ideally would like audit logs to be sent to both the > system's local audit.log file and to a log server. I reviewed the > /etc/audit/auditd.conf file and tried to play with things and move things > around, but an active watch of my log server's /var/log/syslog and local > machine's audit.log does NOT show simultaneous activity, leading me to > think it is either one way or the other, and that simultaneous local and > remote logging is not possible. > > Is there a way to get both? > > Thanks. > > Scott > > -- > Linux-audit mailing list > Linux-audit@redhat.com > https://www.redhat.com/mailman/listinfo/linux-audit