> Just as an aside, I was sending in the auditctl event because I do not > see the "node=" information in the ausearch results on my collector. > So I wasn't certain which machine might be initiating the event.
Locally generated events won't have the node= (at least, on my machine they don't). Remotely generated events should have the node= on them. -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
