On Friday, September 19, 2014 04:14:44 PM Marcus Inskip wrote:
> I’m trying to change the logging facility of audispd to local2 to send logs
> off to a remote server via Rsyslog without logging twice. Is this possible?

The audisp-syslog plugin should do it. Just open
/etc/audisp/plugins.d/syslog.conf and add LOCAL2 to the args line. Then enable
the module and restart the audit daemon.
-Steve
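
The edit described in the reply above, scripted as an added example that is not part of the original thread or of the audit project. Assumptions: the facility keyword is written LOG_LOCAL2 on the args line, the plugin file uses the key = value layout of the constructed sample, and the function names are hypothetical.

```shell
#!/bin/sh
# set_audisp_syslog FILE FACILITY   (hypothetical helper)
#   Adds FACILITY to the plugin's "args" line once and sets "active = yes".
set_audisp_syslog() {
    conf=$1 facility=$2
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    grep -q '^[ 	]*args[ 	]*=' "$conf" || {
        echo "no args line in $conf" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -v fac="$facility" '
        /^[ \t]*args[ \t]*=/ {
            # Append the facility only if it is not already a word on the line,
            # so running the script twice does not duplicate it.
            n = split($0, w, /[ \t=]+/); seen = 0
            for (i = 1; i <= n; i++) if (w[i] == fac) seen = 1
            if (!seen) $0 = $0 " " fac
        }
        /^[ \t]*active[ \t]*=/ { $0 = "active = yes" }
        { print }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps the file's owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample standing in for /etc/audisp/plugins.d/syslog.conf.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not copied from a real host
active = no
direction = out
path = builtin_syslog
type = builtin
args = LOG_INFO
format = string
EOF
}

# Demonstration on a throwaway copy; on a real host, point the function at the
# plugin file itself and then restart the audit daemon as the reply says.
demo=$(mktemp) && write_sample_conf "$demo" &&
    set_audisp_syslog "$demo" LOG_LOCAL2 && cat "$demo"
rm -f "$demo"
```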