Which version of Snare are you running? If it's on an RHEL 5 server, I would assume
version 1.3. If so, shouldn't you be modifying /etc/snare.conf in order to do this?
Ed Christiansen <edwardc(a)ll.mit.edu> wrote:
Do you REALLY want to do this? Your filesystem will just have more space taken up with duplicate information.
Scott Ehrlich wrote:
Hello to all:
I have Snare Agent and audit 1.5.2 running on a CentOS 5.0 box and a RHEL
5.0 server. I ideally would like audit logs to be sent to both the
system's local audit.log file and to a log server. I reviewed the
/etc/audit/auditd.conf file and tried to play with things and move things
around, but an active watch of my log server's /var/log/syslog and local
machine's audit.log does NOT show simultaneous activity, leading me to
think it is either one way or the other, and that simultaneous local and
remote logging is not possible.
Is there a way to get both?
Thanks.
Scott
--
Linux-audit mailing list
Linux-audit(a)redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit