After looking at this I had a hunch - the collector machine is 32-bit,
the sender 64-bit.
And the magic number has the high bit set. I wonder if there's a sign
extension in there somewhere?
Can you try between two 32-bit hosts?
I assume that all events on the sender make it to the collector. Is this
true always?
I didn't add any filters - anything that makes it to audisp-remote
eventually gets queued in the server's event queue.
But I cannot see this event on the collector.
All remote messages will have "node=" in them somewhere. Can you grep
for that manually in your server's audit logs? I wonder if ausearch
is skipping them.