Hello All!

I have a question.


Let's assume we have a client's audit service and an audit gatherer placed on
a remote host.

Using the au-remote plugin, the client sends logs to the remote.


Let's stop (do not start then) the remote's audit service and restart
the client's one.

After that, overcome the max_restarts limit (e.g. default 10) from
/etc/audisp/audispd.conf by audit events.

Then start the remote's audit service and trigger any audit event on the client.
But the audisp-remote process is dead ("plugin /sbin/audisp-remote has
exceeded max_restarts").


How can I solve this issue without a restart of the client's audit
service? Is it possible via any settings/configs?


Any help would be appreciated.

Thank you in advance.








--
Linux-audit mailing list
Linux-audit@redhat.com
https://www.redhat.com/mailman/listinfo/linux-audit
