Re: Audisp-remote - connection refused.

Hi Steve / List Now, I have built auditd from source as per the mail thread and then also created a startup script. The auditd is starting successfully. The client is able to connect to the aggregating server. *node=guslogs type=DAEMON_ACCEPT msg=audit(1507125123.240:7272): addr=192.168.103.2 port=60 res=success* I have made the necessary change in the server in /etc/audit/auditd.conf *log_format = NOLOG* I do not see any logs being populated - I checked log file on client, the server - also the /var/spool/audit/remote.log on the client. On the server side /var/spool/audit/remote.log is empty (I am not sure if this is something I should be checking at all) I am clueless as to what is happening. Is there some way to debug this? Where are these logs getting lost? When change the log_format back to RAW I do see the logs getting created on the client. I did my best reading on net and debugging this - but no success. Please help. On Wed, Oct 4, 2017 at 1:52 AM, Steve Grubb <sgrubb(a)redhat.com&gt; wrote: