If I centralize audit logging through rsyslog, and I have each of the remote machines’ /etc/rsyslog.conf use the same generic audit.log file name instead of customizing the audit logs with something like HOSTNAME-audit.log, because ausearch apparently only looks for a file specifically of the format audit.log…
Will the log-data submitted from the various hosts be consolidated into a single file? Will the ausearch command then be usable with the -if argument?
Warron French, MBA, SCSA