Hi, We're trying to find a way to capture the Linux audit data and then pass it through to ausearch -I and then send the data to our SIEM product for ingestion. Does the audispd allow the ausearch -I to be used as an arg? What would be the best way to attempt this? We would be collecting from hundreds of Linux servers.
Thanks for your input. Mark
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
