On Thursday, January 21, 2016 10:49:37 PM Lev Stipakov wrote:
Sorry, I probably was not clear here. I am able to catch packets by
adding iptables rules like ones you've mentioned and process events
(with record type AUDIT_NETFILTER_PKT) by code inside my plugin.
The problem is, I would prefer them not to be written to logfiles. My
business logic does not require that (everything is handled by plugin
code), and I noticed that logs are rotated quite fast (I capture all
incoming/outgoing packets). So, is there any way to disable logging and
make audit deliver those events to plugin only?
In /etc/audit/auditd.conf make log_format like this:
log_format = NOLOG
and auditd will not log anything to disk.
-Steve
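To show what the plugin-only path looks like once log_format = NOLOG keeps auditd from writing to disk, here is an added example (not code from Lev's plugin or from the audit project) of a minimal audisp-style consumer that reads the text-form audit records from stdin, keeps only the NETFILTER_PKT events, and tallies flows by source, destination and protocol. The sample records are constructed for this example; the field names (mark, saddr, daddr, proto) follow the layout of real NETFILTER_PKT records, but every value is made up, and it is assumed that the plugin receives events in the usual "type=... msg=audit(ts:serial): ..." text form.

```python
import re
import sys
from collections import Counter
from typing import Dict, Iterable, Iterator, Optional

# Constructed sample of the stream an audisp plugin sees on stdin.
# With log_format = NOLOG nothing is written to audit.log, but plugins
# still receive every record, so this is all the plugin has to work from.
SAMPLE_RECORDS = """\
type=NETFILTER_PKT msg=audit(1453409377.101:2001): mark=0x0 saddr=10.0.0.5 daddr=10.0.0.9 proto=6
type=NETFILTER_PKT msg=audit(1453409377.105:2002): mark=0x0 saddr=10.0.0.9 daddr=10.0.0.5 proto=6
type=SYSCALL msg=audit(1453409377.110:2003): arch=c000003e syscall=59 success=yes exit=0
type=NETFILTER_PKT msg=audit(1453409377.120:2004): mark=0x0 saddr=10.0.0.7 daddr=10.0.0.9 proto=17
type=NETFILTER_PKT msg=audit(1453409377.130:2005): mark=0x0 saddr=10.0.0.5 daddr=10.0.0.9 proto=6
"""

# Header of every audit record: the type, the timestamp and the serial
# number, followed by the record body as key=value pairs.
HEADER_RE = re.compile(
    r'^type=(?P<type>\S+) msg=audit\((?P<ts>[0-9.]+):(?P<serial>\d+)\):\s*(?P<body>.*)$'
)
FIELD_RE = re.compile(r'(\w+)=(\S+)')


def parse_record(line: str) -> Optional[Dict[str, str]]:
    """Split one audit record line into a dict; None if it is not a record."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    rec = {"type": m["type"], "ts": m["ts"], "serial": m["serial"]}
    rec.update(dict(FIELD_RE.findall(m["body"])))
    return rec


def iter_netfilter(lines: Iterable[str]) -> Iterator[Dict[str, str]]:
    """Yield only the NETFILTER_PKT records from a stream of audit lines."""
    for line in lines:
        rec = parse_record(line)
        if rec is not None and rec["type"] == "NETFILTER_PKT":
            yield rec


def summarize_flows(lines: Iterable[str]) -> Counter:
    """Count packets per (saddr, daddr, proto) without storing the records."""
    flows: Counter = Counter()
    for rec in iter_netfilter(lines):
        key = (rec.get("saddr", "?"), rec.get("daddr", "?"), rec.get("proto", "?"))
        flows[key] += 1
    return flows


def main() -> None:
    # A real plugin would read sys.stdin here; the sample is used when
    # stdin is a terminal so the script can be run on its own.
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE_RECORDS.splitlines()
    for (saddr, daddr, proto), n in summarize_flows(source).most_common():
        print(f"{saddr} -> {daddr} proto={proto}: {n} packet(s)")


if __name__ == "__main__":
    main()
```

Because the plugin is now the only consumer of these events, it is worth aggregating in memory as above rather than re-creating the on-disk volume Lev wanted to avoid; counters per flow stay small even when every packet is audited.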