The Splunk app seems very promising.
Is there a way to use it when audit records are sent to a central syslog server before
feeding Splunk?
For now, the auditd records are prefixed by syslog information when received by Splunk.
Regards
Philippe
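The situation Philippe describes, a syslog header prepended to each native audit record, is easy to undo at the collector. The following is an added example (not code from this thread, from auditd, or from the Linux Auditd app for Splunk): it finds the native "type=... msg=audit(secs.ms:serial): ..." text wherever it sits in the line, keeps the forwarding host from an RFC 3164 or RFC 5424 header, splits the record into fields, decodes the hex strings auditd emits for untrusted values, and regroups the pieces of one event by serial. The sample lines are constructed, the function names are mine, the list of hex-encoded field names is an assumption drawn from common auditd output, and the sockaddr decoding assumes a little-endian host.

```python
"""Normalise Linux audit records that arrive through syslog (constructed example)."""
import re
from datetime import datetime, timezone

# A native record starts at "type=<TYPE> msg=audit(<secs>.<ms>:<serial>):",
# wherever that is in the line; everything before it is transport prefix.
AUDIT_RE = re.compile(
    r'type=(?P<type>[A-Z0-9_]+)\s+msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s*(?P<body>.*)$'
)
# Host from an RFC 3164 header ("Mar 31 18:00:00 web01 audispd: ") or an
# RFC 5424 header ("<14>1 2016-03-31T18:00:00+02:00 web01 audispd - - - ").
SYSLOG_3164_RE = re.compile(r'^[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d\s+(?P<host>\S+)\s+')
SYSLOG_5424_RE = re.compile(r'^<\d{1,3}>1\s+\S+\s+(?P<host>\S+)\s+')
# key=value pairs: a double-quoted value (may contain spaces) or a bare token.
KV_RE = re.compile(r'(?P<key>[A-Za-z0-9_-]+)=(?:"(?P<quoted>[^"]*)"|(?P<bare>\S*))')
HEX_RE = re.compile(r'^[0-9A-Fa-f]+$')
# Assumption: untrusted strings auditd hex-encodes (bare, no quotes) when they
# contain whitespace, quotes or non-printables; quoted values are already plain.
HEX_FIELDS = {'proctitle', 'name', 'cwd', 'cmd', 'comm', 'exe', 'data'}

# Constructed sample input: one event seen locally and via two syslog formats,
# plus an unrelated syslog line a central server will mix in.
SAMPLE_LINES = [
    'type=SYSCALL msg=audit(1459440000.123:4567): arch=c000003e syscall=42 success=yes exit=0 '
    'a0=3 a1=7ffd1c2b3a40 a2=10 a3=0 items=0 ppid=1000 pid=1234 auid=1000 uid=1000 gid=1000 '
    'euid=1000 tty=pts0 comm="curl" exe="/usr/bin/curl" key="net"',
    'Mar 31 18:00:00 web01 audispd: type=SOCKADDR msg=audit(1459440000.123:4567): '
    'saddr=02000050C0A800010000000000000000',
    '<14>1 2016-03-31T18:00:00+02:00 web01 audispd - - - type=PROCTITLE '
    'msg=audit(1459440000.123:4567): proctitle=6375726C00687474703A2F2F3139322E3136382E302E31',
    'Mar 31 18:00:01 web01 sshd[999]: Accepted publickey for alice from 10.0.0.5 port 51000 ssh2',
]


def decode_hex_string(value):
    """Undo auditd's hex encoding; argv entries in proctitle are NUL-separated."""
    return bytes.fromhex(value).decode('utf-8', 'replace').replace('\x00', ' ').rstrip()


def decode_saddr(value):
    """Decode the hex sockaddr of a SOCKADDR record; AF_INET only here.
    Assumes a little-endian host (sa_family_t is in host byte order)."""
    raw = bytes.fromhex(value)
    family = int.from_bytes(raw[:2], 'little')
    if family == 2 and len(raw) >= 8:
        return {'family': 'AF_INET',
                'port': int.from_bytes(raw[2:4], 'big'),   # sin_port is network order
                'ip': '.'.join(str(b) for b in raw[4:8])}
    return {'family': family}


def parse_audit_line(line):
    """Return a normalised dict for one line, or None if it is not an audit record."""
    m = AUDIT_RE.search(line)
    if not m:
        return None
    prefix = line[:m.start()]
    host = None
    for rx in (SYSLOG_3164_RE, SYSLOG_5424_RE):
        h = rx.match(prefix)
        if h:
            host = h.group('host')
            break
    fields = {}
    for kv in KV_RE.finditer(m.group('body')):
        key = kv.group('key')
        if kv.group('quoted') is not None:
            fields[key] = kv.group('quoted')
        else:
            val = kv.group('bare')
            if key in HEX_FIELDS and len(val) % 2 == 0 and HEX_RE.match(val):
                val = decode_hex_string(val)
            fields[key] = val
    if 'saddr' in fields and HEX_RE.match(fields['saddr']):
        fields['saddr_decoded'] = decode_saddr(fields['saddr'])
    return {
        'host': host,                      # None when the line came from the local audit.log
        'type': m.group('type'),
        'audit_ts': m.group('ts'),
        'time': datetime.fromtimestamp(float(m.group('ts')), tz=timezone.utc).isoformat(),
        'serial': int(m.group('serial')),
        'fields': fields,
        'raw': line[m.start():],           # the record exactly as local auditd would log it
    }


def group_events(lines):
    """Gather the SYSCALL/SOCKADDR/PROCTITLE/... pieces of one audit event.
    Keyed on (audit timestamp, serial); a real pipeline should add the host."""
    events = {}
    for line in lines:
        rec = parse_audit_line(line)
        if rec:
            events.setdefault((rec['audit_ts'], rec['serial']), []).append(rec)
    return events


if __name__ == '__main__':
    for key, recs in group_events(SAMPLE_LINES).items():
        print(key, [(r['host'], r['type'], r['fields']) for r in recs])
```

The 'raw' value is the record with the syslog prefix removed, which is the form a parser written for local audit.log files expects; the serial in msg=audit(...) is what ties the SYSCALL, SOCKADDR and PROCTITLE lines of one event together once they have travelled separately through syslog.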
-----Original Message-----
From: linux-audit-bounces(a)redhat.com [mailto:linux-audit-bounces@redhat.com] On behalf of
linux-audit-request(a)redhat.com
Sent: Thursday, 31 March 2016 18:00
To: linux-audit(a)redhat.com
Subject: Linux-audit Digest, Vol 138, Issue 9
Today's Topics:
1. Linux Auditd app for Splunk (Douglas Brown)
2. Re: auditd reports port number '0' for connect() system call
(Steve Grubb)
3. Re: Linux Auditd app for Splunk (Steve Grubb)
4. Re: Linux Auditd app for Splunk (F Rafi)
5. Re: Linux Auditd app for Splunk (Douglas Brown)
6. Re: auditd reports port number '0' for connect() system call
(Kangkook Jee)
7. Re: auditd reports port number '0' for connect() system call
(Kangkook Jee)
8. [PATCH] audit: cleanup prune_tree_thread (Jiri Slaby)
----------------------------------------------------------------------
Message: 1
Date: Wed, 30 Mar 2016 22:34:39 +0000
From: Douglas Brown <doug.brown(a)qut.edu.au>
To: "linux-audit(a)redhat.com" <linux-audit(a)redhat.com>
Subject: Linux Auditd app for Splunk
Message-ID: <64E84EA2-7954-4B57-857C-DD3B1009A0CB(a)qut.edu.au>
Content-Type: text/plain; charset="utf-8"
Hi all,
This week I released version 2 of the Linux Auditd app for Splunk:
https://splunkbase.splunk.com/app/2642/
Be sure to let me know if you have any suggestions for improvements.
Cheers,
Doug