rsyslog 5.8 is ancient (8.18 is current); there should be a 7.x version
available through the Red Hat repos.
I have never used the aureport tool, but from the example on the page, you can
give it the -f flag to specify a filename to look at.
David Lang
On Thu, 28 Apr 2016, Warron S French wrote:
Date: Thu, 28 Apr 2016 21:07:43 +0000
From: Warron S French <[email protected]>
Reply-To: rsyslog-users <[email protected]>
To: "[email protected]" <[email protected]>
Subject: [rsyslog] Centralized Logging - AUDIT specifically
Hello all, I am re-new to this Mailing List.
I need to satisfy a security requirement that audit log-data traces be sent
back to a Centralized Server. I sort of have this working, but I don't think
the results are correct.
I have posted a question to [email protected] already, but so far no
one has replied to my specific plight.
I used the following URL from your site about 2 years ago (and again 1 year
ago) and now it is time for me to revisit this because the network is finally
going to go live. This URL looks close in comparison, but appears to be a
little more updated since last year at least:
http://wiki.rsyslog.com/index.php/Centralizing_the_audit_log
The arrangement of the information in the sections of that URL is more helpful,
with tidbits of information associated (and identified better than 1 year ago).
The issue I am having with my configuration (which is almost exactly the same,
and I have attempted it exactly the same with no difference) is that when I run
the ausearch and aureport commands, they ONLY LOOK at the Centralized Log
Server's audit.log file. The commands don't consider files that have
HOSTNAME_audit.log as a format. They also do not appear to work with
/var/log/audit/HOSTNAME/audit.log as a directory/filename format.
I really need this to work, and every time I come back to it there doesn't seem
to be anyone stepping up to support.
All of the workstations and the single server are running the same OS at the
same revision at the same patch level - and that is CentOS-6.7. The CentOS-6.7
systems are all running on HP hardware, and the version of rsyslog according
to rpm -qa | grep syslog is rsyslog-5.8.10-10.el6_6.x86_64.
Please help me, this task with the centralizing of audit is killing me with
stress.
Warron French, MBA, SCSA
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
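As an added illustration of the point made above (example code, not from the thread or from the rsyslog wiki page it cites): ausearch and aureport read one input file at a time, given with the -if (--input) option, and do not scan directories, so per-host files on the central server are handed to them in a loop. It assumes the /var/log/audit/HOSTNAME/audit.log layout from the original message; AUDIT_ROOT, AUREPORT and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread or the rsyslog wiki page it cites.
# ausearch and aureport read a single input file (default /var/log/audit/audit.log)
# and never scan directories, so per-host files written by a central rsyslog
# server must be handed to them one at a time with the -if (--input) option.
# Assumed layout: $AUDIT_ROOT/<HOSTNAME>/audit.log (one directory per client).

AUDIT_ROOT="${AUDIT_ROOT:-/var/log/audit}"
AUREPORT="${AUREPORT:-aureport}"   # overridable so the tool can be stubbed in a test

# Print the per-host audit log files found beneath $1 (default AUDIT_ROOT),
# one path per line in glob (host directory) order. Host directories without
# an audit.log yet are skipped.
audit_log_files() {
    root="${1:-$AUDIT_ROOT}"
    for f in "$root"/*/audit.log; do
        if [ -f "$f" ]; then
            printf '%s\n' "$f"
        fi
    done
    return 0
}

# Run one aureport report (pass its options, e.g. --auth or --login --summary)
# once per host file, prefixing each report with the host name. Reports are
# kept per host on purpose: lines from different machines carry independent
# msg=audit(timestamp:serial) identifiers, so concatenating the files and
# feeding the result to a single aureport can merge unrelated records into
# one event.
report_per_host() {
    root="$1"; shift
    audit_log_files "$root" | while IFS= read -r f; do
        host=$(basename "$(dirname "$f")")
        printf '=== %s ===\n' "$host"
        "$AUREPORT" -if "$f" "$@"
    done
}

# Count hosts with a non-empty audit log under $1: a quick check that the
# central server is actually receiving data from each client.
count_hosts_with_data() {
    n=0
    for f in "${1:-$AUDIT_ROOT}"/*/audit.log; do
        if [ -s "$f" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Example use on the central server: report_per_host /var/log/audit --auth
```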