From mboxrd@z Thu Jan  1 00:00:00 1970
From: John Dennis <jdennis@redhat.com>
Subject: Re: [PATCH] Add auditd listener and remote audit protocol
Date: Thu, 14 Aug 2008 19:16:54 -0400
Message-ID: <48A4BCE6.5020607@redhat.com>
References: <200808142143.m7ELh0MP028560@greed.delorie.com>	
	<1218751136.7022.206.camel@homeserver>	
	<200808142216.m7EMGILI029666@greed.delorie.com>
	<48A4B914.80306@redhat.com> <1218754970.7022.231.camel@homeserver>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1958694525=="
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <1218754970.7022.231.camel@homeserver>
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: LC Bruzenak <lenny@magitekltd.com>
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

This is a multi-part message in MIME format.
--===============1958694525==
Content-Type: multipart/alternative;
	boundary="------------010708020505090304040207"

This is a multi-part message in MIME format.
--------------010708020505090304040207
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

LC Bruzenak wrote:
> On Thu, 2008-08-14 at 19:00 -0400, John Dennis wrote:
>   
>> DJ Delorie wrote:
>>     
>>> The net result is to aggregate audit logs from many systems onto one
>>> central audit server.  Remote audit messages have the new "node=" tag
>>> on them so you know where they came from.
>>>   
>>>       
>> The field name was "host", is the "node=" a typo or did the field name 
>> change?
>>
>>     
>
> Mine say "node=".
>   

The "host" field was added to audit records almost a year ago, although 
if memory serves me correctly you have to enable it as a configuration 
option. Is the node field redundant with host or did node supercede host?

-- 
John Dennis <jdennis@redhat.com>


--------------010708020505090304040207
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
  <title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
LC Bruzenak wrote:
<blockquote cite="mid:1218754970.7022.231.camel@homeserver" type="cite">
  <pre wrap="">On Thu, 2008-08-14 at 19:00 -0400, John Dennis wrote:
  </pre>
  <blockquote type="cite">
    <pre wrap="">DJ Delorie wrote:
    </pre>
    <blockquote type="cite">
      <pre wrap="">The net result is to aggregate audit logs from many systems onto one
central audit server.  Remote audit messages have the new "node=" tag
on them so you know where they came from.
  
      </pre>
    </blockquote>
    <pre wrap="">The field name was "host", is the "node=" a typo or did the field name 
change?

    </pre>
  </blockquote>
  <pre wrap=""><!---->
Mine say "node=".
  </pre>
</blockquote>
<br>
The "host" field was added to audit records almost a year ago, although
if memory serves me correctly you have to enable it as a configuration
option. Is the node field redundant with host or did node supercede
host?<br>
<pre class="moz-signature" cols="72">-- 
John Dennis <a class="moz-txt-link-rfc2396E" href="mailto:jdennis@redhat.com">&lt;jdennis@redhat.com&gt;</a>
</pre>
</body>
</html>

--------------010708020505090304040207--


--===============1958694525==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


--===============1958694525==--