I'm currently using audisp with the syslog plugin to send audit logs off to a remote server for reduction and archiving, which, for the most part, works reasonably well.
I understand auditd has its own facility for sending to a remote auditd collector, but haven't played with it. I've also considered using rsyslog with an imfile directive for /var/log/audit/audit.log. I'm sure there are options I've not considered -- what are other folks doing?
