Hello All!

I have a question.

Let's assume we have client's audit service and audit gatherer placed on
a remote host.

Using au-remote plugin client sends logs to remote.

Let's stop (do not start then) remote's audit service and restart
client's one.

After that overcome max_restarts limit (e.g. default 10) from
/etc/audisp/audispd.conf by audit's events.

Then start remote's audit service and trigger any audit event on client.
But audisp-remote process is dead ("plugin /sbin/audisp-remote has
exceeded max_restarts").

How can i solve this issue without client's audit service
restart? Is it possible by any settings/configs?

Any help would be appreciated.

Thank you in advance.

Attachment: signature.asc
Description: OpenPGP digital signature

Linux-audit mailing list

Reply via email to