Hi,
We're trying to find a way to capture the Linux audit data and then pass it through to ausearch -i and then send the data to our SIEM product for ingestion.
Does the audispd allow the ausearch -i to be used as an arg?
What would be the best way to attempt this?
We would be collecting from hundreds of Linux servers.
Thanks for your input.
Mark