Re: Central logging and audit.log

Hi Scott,

A suggestion: why don't you try a tool like ossec (www.ossec.net)? You can
centralize your logs and create policies to read any log you want.


-- 
========================================
Marcos Aurelio Rodrigues (DEiGrAtiA-33)
<deigratia33@xxxxxxxxx>
CCNA, MCSO, Security+
Mirabilia laudo semprer, Dei
========================================



On Wed, Apr 23, 2008 at 1:33 PM, Scott R. Ehrlich <scott@xxxxxxx> wrote:

> I am looking at using all in-house tools (syslog.conf,
> /etc/sysconfig/syslog, and gnome-log-viewer or have the log file go to a
> web-accessed file), with everything being logged to /var/log/master_log_file
> or /var/www/master_log_file.
>
> What the master_log_file doesn't capture are the entries in audit.log. If
> I use the viewer to review audit.log, I get the raw date/time stamp format,
> which is not human readable.
>
> So, how can I get audit.log (from all clients) details to pipe (really
> also get copied) to the master_log_file, and, along the way, be properly
> interpreted by ausearch -i so I can actually tell the proper date/time of
> the entries?
>
> Thanks.
>
> Scott
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
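
One way to make the audit.log time stamps readable before records are copied into a central file, given here as an added example that is not part of the original thread. It rewrites only the epoch time in each record and is not a reimplementation of ausearch -i; the function names, the host name client1 and the sample records are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Raw audit records carry their time as msg=audit(<epoch>.<millis>:<serial>).
AUDIT_STAMP = re.compile(r"msg=audit\((\d+)\.(\d{3}):(\d+)\)")


def humanize_audit_line(line, tz=timezone.utc):
    """Rewrite the epoch stamp of one audit.log record as a date/time.

    The millisecond part and the event serial are kept, so records that
    belong to the same audit event can still be correlated afterwards.
    Lines without an audit stamp are returned unchanged.
    """
    def _readable(match):
        when = datetime.fromtimestamp(int(match.group(1)), tz)
        return "msg=audit(%s.%s:%s)" % (
            when.strftime("%Y-%m-%d %H:%M:%S"), match.group(2), match.group(3))

    return AUDIT_STAMP.sub(_readable, line.rstrip("\n"))


def to_master_log(lines, host, tag="audit"):
    """Convert records and prefix them with the originating host and a tag,
    so entries from several clients stay distinguishable in one file."""
    return ["%s %s: %s" % (host, tag, humanize_audit_line(line))
            for line in lines if line.strip()]


# Constructed sample records (not taken from a real system).
SAMPLE = [
    "type=USER_LOGIN msg=audit(1208972000.123:456): user pid=2914 uid=0 "
    "auid=500 msg='acct=scott exe=/usr/sbin/sshd addr=192.0.2.10 res=failed'",
    "type=CRED_ACQ msg=audit(1208972005.001:457): user pid=2920 uid=0 "
    "auid=500 msg='acct=scott exe=/usr/sbin/sshd res=success'",
]

if __name__ == "__main__":
    for entry in to_master_log(SAMPLE, host="client1"):
        print(entry)
```

The output lines can be appended to the central file or handed to the local syslog daemon for forwarding; times are rendered in UTC unless another tz is passed.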