From df5afa4fcd9725380f94ca6476248d4cc24f889a Mon Sep 17 00:00:00 2001 From: Ashlee Young Date: Sun, 29 Nov 2015 08:22:13 -0800 Subject: v2.4.4 audit sources Change-Id: I9315a7408817db51edf084fb4d27fbb492785084 Signed-off-by: Ashlee Young --- .../audit/audisp/plugins/remote/audisp-remote.8 | 34 ++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 framework/src/audit/audisp/plugins/remote/audisp-remote.8 (limited to 'framework/src/audit/audisp/plugins/remote/audisp-remote.8') diff --git a/framework/src/audit/audisp/plugins/remote/audisp-remote.8 b/framework/src/audit/audisp/plugins/remote/audisp-remote.8 new file mode 100644 index 00000000..6f3b5fe6 --- /dev/null +++ b/framework/src/audit/audisp/plugins/remote/audisp-remote.8 @@ -0,0 +1,34 @@ +.TH AUDISP-REMOTE: "8" "Apr 2011" "Red Hat" "System Administration Utilities" +.SH NAME +audisp-remote \- plugin for remote logging +.SH SYNOPSIS +.B audisp-remote +.SH DESCRIPTION +\fBaudisp-remote\fP is a plugin for the audit event dispatcher daemon, audispd, that preforms remote logging to an aggregate logging server. + +.SH TIPS +If you are aggregating multiple machines, you should enable node information in the audit event stream. You can do this in one of two places. If you want computer node names written to disk as well as sent in the realtime event stream, edit the name_format option in /etc/audit/auditd.conf. If you only want the node names in the realtime event stream, then edit the name_format option in /etc/audisp/audispd.conf. Do not enable both as it will put 2 node fields in the event stream. + +.SH SIGNALS +.TP +SIGUSR1 +Causes the audisp-remote program to write the value of some of its internal flags to syslog. The +.IR suspend +flag tells whether or not logging has been suspended. The +.IR transport_ok +flag tells whether or not the connection to the remote server is healthy. The +.IR queue_size +tells how many records are enqueued to be sent to the remote server. +.TP +SIGUSR2 +Causes the audisp-remote program to resume logging if it were suspended due to an error. + +.SH FILES +/etc/audisp/plugins.d/au-remote.conf, /etc/audit/auditd.conf, /etc/audisp/audispd.conf, /etc/audisp/audisp-remote.conf +.SH "SEE ALSO" +.BR audispd (8), +.BR auditd.conf(8), +.BR audispd.conf(8), +.BR audisp-remote.conf(5). +.SH AUTHOR +Steve Grubb -- cgit 1.2.3-korg