Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   29550 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

AUDISP-REMOTE:(8)	System Administration Utilities	     AUDISP-REMOTE:(8)

NAME
       audisp-remote - plugin for remote logging

SYNOPSIS
       audisp-remote

DESCRIPTION
       audisp-remote  is  a plugin for the audit event dispatcher daemon, aud‐
       ispd, that preforms remote logging to an aggregate logging server.

TIPS
       If you are aggregating multiple machines, you should enable node infor‐
       mation in the audit event stream. You can do this in one of two places.
       If you want computer node names written to disk as well as sent in  the
       realtime	   event    stream,    edit    the   name_format   option   in
       /etc/audit/auditd.conf. If you only want the node names in the realtime
       event  stream,  then  edit  the	name_format option in /etc/audisp/aud‐
       ispd.conf. Do not enable both as it will put 2 node fields in the event
       stream.

SIGNALS
       SIGUSR1
	      Causes  the  audisp-remote program to write the value of some of
	      its internal flags to syslog. The suspend flag tells whether  or
	      not  logging  has	 been  suspended.  The transport_ok flag tells
	      whether or not the connection to the remote server  is  healthy.
	      The queue_size tells how many records are enqueued to be sent to
	      the remote server.

       SIGUSR2
	      Causes the audisp-remote program to resume logging  if  it  were
	      suspended due to an error.

FILES
       /etc/audisp/plugins.d/au-remote.conf, /etc/audit/auditd.conf, /etc/aud‐
       isp/audispd.conf, /etc/audisp/audisp-remote.conf

SEE ALSO
       audispd(8), auditd.conf(8), audispd.conf(8), audisp-remote.conf(5).

AUTHOR
       Steve Grubb

Red Hat				   Apr 2011		     AUDISP-REMOTE:(8)

Vote for polarhome