1AUDISP-REMOTE:(8)       System Administration Utilities      AUDISP-REMOTE:(8)
2
3
4

NAME

6       audisp-remote - plugin for remote logging
7

SYNOPSIS

9       audisp-remote
10

DESCRIPTION

12       audisp-remote  is  a plugin for the audit event dispatcher daemon, aud‐
13       ispd, that preforms remote logging to an aggregate logging server.
14
15

TIPS

17       If you are aggregating multiple machines, you should enable node infor‐
18       mation in the audit event stream. You can do this in one of two places.
19       If you want computer node names written to disk as well as sent in  the
20       realtime    event    stream,    edit    the   name_format   option   in
21       /etc/audit/auditd.conf. If you only want the node names in the realtime
22       event  stream,  then  edit  the  name_format option in /etc/audisp/aud‐
23       ispd.conf. Do not enable both as it will put 2 node fields in the event
24       stream.
25
26

SIGNALS

28       SIGUSR1
29              Causes  the  audisp-remote program to write the value of some of
30              its internal flags to syslog. The suspend flag tells whether  or
31              not  logging  has  been  suspended.  The transport_ok flag tells
32              whether or not the connection to the remote server  is  healthy.
33              The queue_size tells how many records are enqueued to be sent to
34              the remote server.
35
36       SIGUSR2
37              Causes the audisp-remote program to resume logging  if  it  were
38              suspended due to an error.
39
40

FILES

42       /etc/audisp/plugins.d/au-remote.conf, /etc/audit/auditd.conf, /etc/aud‐
43       isp/audispd.conf, /etc/audisp/audisp-remote.conf
44

SEE ALSO

46       audispd(8), auditd.conf(8), audispd.conf(8), audisp-remote.conf(5).
47

AUTHOR

49       Steve Grubb
50
51
52
53Red Hat                            Apr 2011                  AUDISP-REMOTE:(8)
Impressum