1AUDISP-REMOTE(8)        System Administration Utilities       AUDISP-REMOTE(8)
2
3
4

NAME

6       audisp-remote - plugin for remote logging
7

SYNOPSIS

9       audisp-remote
10

DESCRIPTION

12       audisp-remote  is a plugin for the audit event dispatcher that preforms
13       remote logging to an aggregate logging server.
14
15

TIPS

17       If you are aggregating multiple machines, you should  edit  auditd.conf
18       to  set  the  name_format to something meaningful and the log_format to
19       enriched. This way you can tell where the event came from and have  the
20       user  name and groups resolved locally before it is sent off of the ma‐
21       chine.
22
23

SIGNALS

25       SIGUSR1
26              Causes the audisp-remote program to write the value of  some  of
27              its  internal flags to syslog. The suspend flag tells whether or
28              not logging has been suspended. The remote_ended flag  tells  if
29              the  connection  was  broken  by  the server saying it can't log
30              events. The transport_ok flag tells whether or not  the  connec‐
31              tion  to  the remote server is healthy. The queue_size tells how
32              many records are enqueued to be sent to the remote server.
33
34       SIGUSR2
35              Causes the audisp-remote program to resume logging  if  it  were
36              suspended due to an error.
37
38

FILES

40       /etc/audit/audisp-remote.conf       /etc/audit/plugins.d/au-remote.conf
41       /etc/audit/auditd.conf
42

SEE ALSO

44       auditd.conf(8), auditd-plugins(5), audisp-remote.conf(5).
45

AUTHOR

47       Steve Grubb
48
49
50
51Red Hat                           August 2018                 AUDISP-REMOTE(8)
Impressum