On Tuesday 27 May 2008 12:57:28 Klaus Heinrich Kiwi wrote:
> On Tue, 2008-05-27 at 11:16 -0500, LC Bruzenak wrote:
> > On Tue, 2008-05-27 at 12:10 -0400, Steve Grubb wrote:
> > ...
> >
> > > > Once we aggregate these would be tough to separate.
> > >
> > > That is why we added the node field. :) You should probably enable it
> > > with the name_format option.
> >
> > I think I do have it:
> >
> > [root@hugo audit]# grep name_format /etc/audit/auditd.conf
> > name_format = hostname
> Isn't the audit dispatcher's role of adding the node name in the record?
> If so, only records going through the audispd would have this field.

People may want the node name on disk as well as associated with events in the
real time stream. So, there are separate enablers.
-Steve
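
The separation problem discussed in this thread, as an added example that is not part of the original messages: it groups aggregated audit records by node and event ID, and lists events that arrived without a node field. It assumes the node field is written as a leading `node=` token on each record; the host name `felix` and all sample records are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: records from two hosts after aggregation. Both hosts
# emit serial 101 at the same timestamp; the last line comes from a host
# where the node name was not enabled, so it carries no node field.
SAMPLE = """\
node=hugo type=SYSCALL msg=audit(1211904688.100:101): arch=c000003e syscall=2 success=yes
node=hugo type=PATH msg=audit(1211904688.100:101): item=0 name="/etc/shadow"
node=felix type=SYSCALL msg=audit(1211904688.100:101): arch=c000003e syscall=59 success=yes
node=felix type=USER_LOGIN msg=audit(1211904690.250:102): pid=2211 uid=0 res=success
type=USER_AUTH msg=audit(1211904691.000:57): pid=900 uid=0 res=failed
""".splitlines()

# Assumed layout: optional leading node=, then type= and msg=audit(ts:serial):
RECORD = re.compile(
    r"^(?:node=(?P<node>\S+) )?type=(?P<type>\S+) "
    r"msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):"
)


def group_events(lines):
    """Return {(node, timestamp, serial): [record types]}; node is None if absent."""
    events = defaultdict(list)
    for line in lines:
        m = RECORD.match(line)
        if m is None:
            continue  # not an audit record; skip it
        # Serials are only unique per host, so the node is part of the key.
        key = (m["node"], m["ts"], int(m["serial"]))
        events[key].append(m["type"])
    return dict(events)


def unattributed(events):
    """Events that cannot be tied to a host because the node field is missing."""
    return sorted(k for k in events if k[0] is None)


if __name__ == "__main__":
    ev = group_events(SAMPLE)
    for key in sorted(ev, key=lambda k: (k[0] or "", k[1], k[2])):
        print(key, ev[key])
    print("no node field:", unattributed(ev))
```

Without the node in the key, the two hosts' records for serial 101 would merge into one event.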