[rsyslog-notify] Forum Thread: Rsyslog and Remote Audit Logging - (Mode 'post')
noreply at adiscon.com
noreply at adiscon.com
Tue Jun 16 21:58:48 CEST 2015
User: LuckyLeavell
Forumlink: http://kb.monitorware.com/viewtopic.php?p=25708#p25708
Message:
----------
I read the following article in the Rsyslog Wiki:
<!-- m --><a class="postlink"
href="http://wiki.rsyslog.com/index.php/Centralizing_the_audit_log">http://wiki.rsyslog.com/index.php/Centr
... _audit_log</a><!-- m -->
Questions:
1. Do the rsyslog changes in the first part of the article do the same
thing as the audisp-remote logging toward the end of the article? In other
words do I need one or the other but not both to do remote audit logging?
2. Concerning the note on the SELinux affecting doing the rsyslog audit
logging on RHEL6, why not add a SELinux policy to allow rsyslog to read the
/var/log/audit/audit.log files?
I am using both RHEL5 and RHEL6.
Thank you,
Lucky
More information about the rsyslog-notify
mailing list