1AUDISP-SYSLOG:(8)       System Administration Utilities      AUDISP-SYSLOG:(8)
2
3
4

NAME

6       audisp-syslog - plugin to push audit events into syslog
7

SYNOPSIS

9       audisp-syslog [ OPTIONS ]
10

DESCRIPTION

12       audisp-syslog  is  a  plugin  for the audit event dispatcher that wraps
13       audit events back around to syslog. It can be passed two options  which
14       set  the  facility  and  level  that  all events are logged with. Valid
15       facilities are LOG_LOCAL0 through 7, LOG_AUTH,  LOG_AUTHPRIV,  LOG_DAE‐
16       MON,  LOG_SYSLOG,  and  LOG_USER.  Valid  levels  are LOG_DEBUG through
17       LOG_EMERG. Setting these options is done in the  /etc/audit/syslog.conf
18       file on the args line.
19
20       If  you  are aggregating multiple machines, you should edit auditd.conf
21       to set the name_format to something meaningful and  the  log_format  to
22       enriched.  This way you can tell where the event came from and have the
23       user name and groups resolved locally before it  is  sent  off  of  the
24       machine.
25
26

FILES

28       /etc/audit/syslog.conf /etc/audit/auditd.conf
29

SEE ALSO

31       auditd.conf(8), auditd-plugins(5), syslog(3).
32

AUTHOR

34       Steve Grubb
35
36
37
38Red Hat                           August 2018                AUDISP-SYSLOG:(8)
Impressum