AUDISP-SYSLOG(8)    System Administration Utilities    AUDISP-SYSLOG(8)

NAME
audisp-syslog - plugin to push audit events into syslog

SYNOPSIS
audisp-syslog [ OPTIONS ]

DESCRIPTION
audisp-syslog is a plugin for the audit event dispatcher that wraps audit events back around to syslog. It can be passed three options: one which is the syslog facility, one that is the syslog level that all events are logged with, and one that determines if events should be interpreted. Valid facilities are LOG_LOCAL0 through 7, LOG_AUTH, LOG_AUTHPRIV, LOG_DAEMON, LOG_SYSLOG, and LOG_USER. Valid levels are LOG_DEBUG through LOG_EMERG. These options are set on the args line of the /etc/audit/syslog.conf file.

If it is desired that events are interpreted, add the word interpret to the args line. This will cause all events to be interpreted. The drawback to this approach is that naive parsers can be tricked by an adversary that has the ability to name files, processes, or other user-controlled objects.

If you are aggregating multiple machines, you should edit auditd.conf to set the name_format to something meaningful and the log_format to enriched. This way you can tell where the event came from and have the user name and groups resolved locally before it is sent off of the machine.
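
A configuration check for the options described above, as an added example that is not part of the audit package or of this man page. The function names and sample file contents are constructed for illustration; it assumes both files use `key = value` lines, that args tokens are matched exactly as spelled here, and that a missing name_format or log_format means none and raw.

```python
# Facilities and levels as listed on this page; level names per syslog(3).
FACILITIES = {f"LOG_LOCAL{i}" for i in range(8)} | {
    "LOG_AUTH", "LOG_AUTHPRIV", "LOG_DAEMON", "LOG_SYSLOG", "LOG_USER"}
LEVELS = {"LOG_DEBUG", "LOG_INFO", "LOG_NOTICE", "LOG_WARNING",
          "LOG_ERR", "LOG_CRIT", "LOG_ALERT", "LOG_EMERG"}

# Constructed sample file contents (not taken from a real host).
SAMPLE_PLUGIN = "active = yes\nargs = LOG_LOCAL6 LOG_INFO interpret\n"
SAMPLE_AUDITD = "log_format = RAW\nname_format = NONE\n"


def parse_conf(text):
    """Parse 'key = value' lines, ignoring blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            conf[key.strip().lower()] = value.strip()
    return conf


def check(plugin_text, auditd_text, aggregating=False):
    """Return findings for syslog.conf and auditd.conf contents."""
    findings = []
    args = parse_conf(plugin_text).get("args", "").split()
    for kind, valid in (("facility", FACILITIES), ("level", LEVELS)):
        if sum(a in valid for a in args) > 1:
            findings.append(f"more than one syslog {kind} on the args line")
    for a in args:
        if a == "interpret":
            findings.append("interpret set: downstream parsers must not "
                            "trust user-controlled names in events")
        elif a not in FACILITIES and a not in LEVELS:
            findings.append(f"unknown args token: {a}")
    if aggregating:
        auditd = parse_conf(auditd_text)
        # Assumption: an absent key behaves like none / raw.
        if auditd.get("name_format", "none").lower() == "none":
            findings.append("name_format is none: event origin not recorded")
        if auditd.get("log_format", "raw").lower() != "enriched":
            findings.append("log_format is not enriched")
    return findings


if __name__ == "__main__":
    for finding in check(SAMPLE_PLUGIN, SAMPLE_AUDITD, aggregating=True):
        print(finding)
```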
32
33
35 /etc/audit/syslog.conf /etc/audit/auditd.conf
36
38 auditd.conf(8), auditd-plugins(5), syslog(3).
39
41 Steve Grubb
42
43
44
45Red Hat August 2018 AUDISP-SYSLOG(8)