Remotely logging audit rules.

Tuesday, 1 November 2005

I got a development request to see how much work it would take to do.
Our policy wags want to have all object audit events (or whatever the
real term for that is...)  to be sent both locally and remotely. The
reason is a supposed policy for checking the local logs against remote
logs to see if they have been tampered with and for being able to
train a SIM to look for events in the centralized logs.

My 5000 foot question is how would the best way to implement this be?
For the current RHEL 4 I would probably need some sort of tail -f xxx
| logger type script.

--
Stephen J Smoogen.
CSIRT/Linux System Administrator

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Remotely logging audit rules.