Hello to all:
I have Snare Agent and audit 1.5.2 running on a CentOS 5.0 box and a RHEL
5.0 server. I ideally would like audit logs to be sent to both the
system's local audit.log file and to a log server. I reviewed the
/etc/audit/auditd.conf file and tried to play with things and move things
around, but an active watch of my log server's /var/log/syslog and local
machine's audit.log does NOT show simultaneous activity, leading me to
think it is either one way or the other, and that simultaneous local and
remote logging is not possible.
Is there a way to get both?
Thanks.
Scott
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
