Kevin, Have you thought of locally processing the logs using ausearch -i (which does the conversion you want) and then transmitting the locally interpreted logs to your SIEM?
On Tue, 2016-10-04 at 10:13 -0400, Kevin Brown wrote: > Thanks for the responses so far > -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
