ausearch reads through the file every time, it might not be time-efficient, isn't it?
Anyway, I use a modified audit package that writes to syslog directly, instead of audit.log.

On Wed, Dec 11, 2013 at 6:17 AM, Levy, Mark (ESS) <[email protected]> wrote:
> Hi,
>
> We're trying to find a way to capture the linux audit data and then pass it
> thru to ausearch -I and then send the data to our SIEM product for
> ingestion.
> Does the audispd allow the ausearch -I to be used as an arg?
> What would be the best way to attempt this?
> We would be collecting from hundreds of linux servers.
>
> Thanks for your input.
>
>
> Mark
>
>
> --
> Linux-audit mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/linux-audit

--
Best Regards,
Aaron Lewis - PGP: 0xDFE6C29E ( http://keyserver.veridis.com )
Finger Print: 9482 448F C7C3 896C 1DFE 7DD3 2492 A7D0 DFE6 C29E
