Hello,

In the midst of discussing sending audit logs from a Red Hat CoreOS node to some central audit collection and evaluation tool, the question came up about using audispd instead of Daemonsets. Daemonsets are what is planned for OpenShift. As I understand it, the general principle is to allow auditing to flow through the subsystem, but does it need to flow through the entire auditing workflow? Can a Daemonset be used instead of audispd, or are there reasons audispd should be used over a Daemonset that some of us just aren't aware of?

Thanks,

Gabriel Alford

Member of the technical staff

office of the chief technologist

red hat Public Sector

Red Hat

ralford@redhat.com    T: 972-707-6483    M: 303-550-7234