On Wednesday 03 December 2008 11:53:19 Loredan Stancu wrote:
> Supposing the remote system is an SELinux machine (a machine which stores
> all the user activity sent by audisp-remote plugins. There is more than
> one machine for which I want to store events), what should I do on this
> machine to keep separate file events for each machine?

The current design of the audit system is to aggregate all logs in a unified
format. Ausearch and report are node aware and can separate records based on
the originating node.

    ausearch --start today --node 192.168.1.1

This of course assumes that you took the step of selecting a node name in
/etc/audisp/audispd.conf. :)

-Steve
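
Added example, not part of the original thread and not code from the audit project: one way to produce the per-machine files asked about, by splitting the aggregated log on the leading node= field that forwarded records carry once a node name is configured. The function names split_by_node and make_sample, the output layout and the sample records are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): split an aggregated audit log into one
# file per originating node. Assumes each forwarded record starts with
# "node=<name>", as written when a node name is selected in audispd.conf.

split_by_node() {   # $1 = aggregated log, $2 = output directory
    mkdir -p "$2" || return 1
    awk -v outdir="$2" '
    {
        node = "unknown"                 # record carries no node= field
        if (match($0, /^node=[^ ]+/)) {
            node = substr($0, 6, RLENGTH - 5)
            # The sender picks this name, so never use it raw as a path:
            # anything outside a safe set (including "/") becomes "_".
            gsub(/[^A-Za-z0-9_.:-]/, "_", node)
        }
        file = outdir "/" node ".log"
        print >> file                    # append; rerunning duplicates lines
        close(file)                      # keep the open-file count at one
    }' "$1"
}

make_sample() {     # $1 = path to write constructed sample records to
    cat > "$1" <<'EOF'
node=192.168.1.1 type=USER_LOGIN msg=audit(1228301599.101:41): pid=2101 uid=0 auid=500 res=success
node=192.168.1.2 type=USER_LOGIN msg=audit(1228301602.330:17): pid=1877 uid=0 auid=501 res=failed
node=192.168.1.1 type=USER_END msg=audit(1228301641.512:44): pid=2101 uid=0 auid=500 res=success
type=DAEMON_START msg=audit(1228301500.000:1): auditd start pid=1200 res=success
node=../../tmp/x type=USER_CMD msg=audit(1228301650.007:9): pid=3001 uid=0 res=success
EOF
}

# Stand-alone use: script.sh <aggregated-log> <output-dir>
if [ "$#" -eq 2 ]; then
    split_by_node "$1" "$2"
fi
```

The last sample record shows why the node name is sanitized before it becomes a file name: it is supplied by the sending machine, so the collector should not trust it as a path.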