If I centralize audit logging through rsyslog, and I have each of the remote machines'
/etc/rsyslog.conf to use the same generic audit.log file name instead of customizing the
audit logs with something like; HOSTNAME-audit.log, because ausearch apparently only looks
for a file specifically of the format audit.log...
Will the log-data submitted from the various hosts be consolidated into a single file?
Will the ausearch command then be usable with the -if argument?
Warron French, MBA, SCSA