On Tue, 2008-05-27 at 11:16 -0500, LC Bruzenak wrote:
> On Tue, 2008-05-27 at 12:10 -0400, Steve Grubb wrote:
> ...
> > > Once we aggregate these would be tough to separate.
> > 
> > That is why we added the node field. :)  You should probably enable it with 
> > the name_format option.
> 
> I think I do have it:
> 
> [root@hugo audit]# grep name_format /etc/audit/auditd.conf
> name_format = hostname

Isn't it the audit dispatcher's role to add the node name to the record?
If so, only records going through the audispd would have this field.
 -K
-- 
Klaus Heinrich Kiwi
Security Development - IBM Linux Technology Center
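
A way to check an aggregated log for the situation discussed in this thread, as an added example that is not part of the original messages: it groups records by the `node=` field and counts records that arrived without one. The sample lines, the hostname `comet` and the function name `split_by_node` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of an aggregated log; hostnames and event ids are made up.
# Note that serial 4001 appears on two different hosts.
SAMPLE = """\
node=hugo type=SYSCALL msg=audit(1211904960.101:4001): arch=c000003e syscall=2 success=yes exit=3
node=hugo type=PATH msg=audit(1211904960.101:4001): item=0 name="/etc/shadow"
node=comet type=USER_LOGIN msg=audit(1211904961.550:4001): pid=2210 uid=0 res=success
type=SYSCALL msg=audit(1211904962.007:77): arch=c000003e syscall=59 success=yes exit=0
this line is not an audit record
"""

# Optional node= prefix, then the record type and the audit(timestamp:serial) id.
RECORD = re.compile(
    r'^(?:node=(?P<node>\S+)\s+)?type=(?P<type>\S+)\s+'
    r'msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):')

def split_by_node(lines):
    """Group records into events keyed by (node, timestamp, serial).

    Returns (events, unattributed, malformed). Records without a node= field
    go to `unattributed` so they are never merged into another host's event.
    """
    events = defaultdict(list)
    unattributed, malformed = [], []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        m = RECORD.match(line)
        if not m:
            malformed.append(line)
        elif m.group("node") is None:
            unattributed.append(line)
        else:
            key = (m.group("node"), m.group("ts"), m.group("serial"))
            events[key].append(m.group("type"))
    return dict(events), unattributed, malformed

if __name__ == "__main__":
    events, unattributed, malformed = split_by_node(SAMPLE.splitlines())
    for key, types in sorted(events.items()):
        print(key, types)
    print("records without node=:", len(unattributed))
    print("unparseable lines:", len(malformed))
```

A non-zero count of records without `node=` in the aggregate means some records reached the collector on a path that did not add the field.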