On Thu, 2008-12-04 at 12:42 -0500, Steve Grubb wrote:
On Thursday 04 December 2008 12:21:29 LC Bruzenak wrote:
...
> How can I try to resend the events to the collector?
All audisp plugins take their data from stdin. You can pipe the raw output of
ausearch into audisp-remote and it should do the right thing.
OK, works for me...the last sent message on the collector is
identifiable, but do timestamps (with full precision) work as input to
the "-ts" switch?
I don't know how to remove duplicates (probably not be an issue anyway).
Thx,
LCB.
--
LC (Lenny) Bruzenak
lenny(a)magitekltd.com