I want to send my auditd messages to our local log collector via
syslog-ng. What is the recommended way of doing this? Can I enter
syslog-ng as the dispatcher, or do I need to first send the logs to disk
and then read from the audit.log file? I have no reason to store these
messages on disk. This might be out of the realm of this group, but any
syslog-ng config recommendation would be appreciated.
As you can see from my question, I'm a novice when it comes to auditd and
syslog-ng. I've read all the resource materials found in
/usr/share/doc/packages/audit and googled a lot of good information, and
have learned a great deal from monitoring this forum, but I'm still
struggling with auditd. Does anyone know if Red Hat or anyone else offers
training for auditd, or can you recommend any books that might help?
Thanks...
Larry E. Erdahl
Information Security Services
Computer Security Incident Response Team (CSIRT)
1 Meridian Crossing
Richfield, MN 55423
Mail Code: EP-MN-MS6I
Office Phone: (612)973-7153
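An added configuration example, not part of the original post and not taken from any reply: the usual way to get audit records into syslog-ng without an on-disk audit.log is to leave audispd as the dispatcher, enable its built-in syslog plugin so each record is handed to syslog(3) as it arrives, tell auditd not to write its own log file, and then have syslog-ng pick the records off the local syslog socket. The collector hostname and port below are placeholders, and the auditd.conf option name is an assumption that depends on the audit version installed (older releases express "dispatch but do not write to disk" as log_format = NOLOG instead of write_logs = no).

```conf
# Added example, not from the original post. Assumes the audispd-plugins
# package is installed and syslog-ng runs on the same host as auditd.
# "collector.example.com" and port 514 are placeholders.

# --- /etc/audisp/plugins.d/syslog.conf ---
# audispd remains the dispatcher; its built-in syslog plugin forwards every
# record to syslog(3) at priority LOG_INFO (facility LOG_USER by default).
active = yes
direction = out
path = builtin_syslog
type = builtin
args = LOG_INFO
format = string

# --- /etc/audit/auditd.conf (relevant line only) ---
# Keep dispatching to audispd but do not write /var/log/audit/audit.log.
# Assumption: option name varies by version; older auditd uses
# log_format = NOLOG for the same effect.
write_logs = no

# --- /etc/syslog-ng/syslog-ng.conf (relevant part only) ---
source s_local {
    unix-dgram("/dev/log");
    internal();
};

# The plugin logs under the dispatcher's own program name, so audit
# records can be selected without disturbing the rest of local syslog.
filter f_audit { program("audispd"); };

# TCP rather than UDP so records are not silently dropped in transit.
destination d_collector {
    tcp("collector.example.com" port(514));
};

log { source(s_local); filter(f_audit); destination(d_collector); };
```

After editing, restart auditd (which restarts audispd) and reload syslog-ng, then generate a known event, for example with an auditctl watch rule on a test file, and confirm it arrives at the collector before removing the local audit.log.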