On Tuesday, May 27, 2014 06:39:36 AM Burn Alting wrote:
> My question is:
> To collect AND transmit audit until the last possible moment, is the
> logical place to perform the last collection and transmission operation
> within the 'stop' function of /etc/init.d/auditd?
> The enrichment (calling ausearch -i) rules out syslog.

For sysVinit systems, yes.
-Steve