capturing audit data with ausearch -i
Hi,
Were trying to find a way to capture the linux audit data and then pass it thru to
ausearch -I and then send the data to our SEIM product for ingestion.
Does the audispd allow the ausearch -I to be used as an arg?
What would be the best way to attempt this?
We would be collecting from hundreds of linux servers.
Thanks for your input.
Mark
Attachments:
- attachment.html (text/html — 926 bytes)