Re: New draft standards

I use a proprietary ELK-like system based on ausearch's -i option. I would like to see some variant outputs from ausearch that "packages" events into parse-friendly formats (json, xml) that also incorporates the local transformations Steve proposes. I believe this would be the most generic solution to support centralised log management. I am travelling now, but can write up a specification for review next week. Burn Alting On 15 Dec 2015 4:13 am, <Kevin.Dienst(a)usbank.com&gt; wrote: via RabbitMQ based collectors and dumps them in raw form. From there I have access to all the usual "big data" tools albeit I'm not using Flume just yet, we're still trying to get a handle on operationalizing all the various big data component so that data science developers can focus on development instead of operations and support of the hardware/software ecosystem. dual-routing a substantial portion of the logs from across the infrastructure to ELK, as well. linux-audit(a)redhat.com&gt; they since changed. the