All:
I have a quick question about the name_format parameter in audispd.conf. When selecting options that require a dns lookup are these issued for each record, or is the dns lookup issued one-time at startup? If dns lookup is done for each record I’d prefer
to use USER and NAME to force the issue, though if not I’d rather just use the same file on all my servers.
I want to log both locally and to a central server. So which file should this be specified in /etc/audit/auditd.conf or /etc/audisp/audispd.conf or both?
Thanks in advance for any suggestions.
Regards,
Jim Richard