On Tue, Oct 11, 2011 at 01:56:04PM -0600, Kevin Fenzi wrote: > > I'd like to try stopping auditd and having selinux audit messages go to > rsyslog (and thus be captured over on log02). This way we can have > epylog process those logs, they can be remote so we can have a remote > copy of them. > <snip> > > Thoughts? downsides? Alternate plans? Auditd supports both logging to syslog (ref: /etc/audisp/plugins.d/syslog.conf) and to remote audit servers trough audispd-plugins (/etc/audisp/plugins.d/au-remote.conf). Would it not be better to use one of those ? -jf _______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
