Provided by: audispd-plugins_2.8.5-2ubuntu1_amd64 bug

NAME

       audisp-remote - plugin for remote logging

SYNOPSIS

       audisp-remote

DESCRIPTION

       audisp-remote  is  a  plugin for the audit event dispatcher daemon, audispd, that preforms
       remote logging to an aggregate logging server.

TIPS

       If you are aggregating multiple machines, you should enable node information and  enriched
       events  in  the  audit  event  stream.  You  can do this in one of two places. If you want
       computer node names written to disk as well as sent in the realtime event stream, edit the
       name_format option in /etc/audit/auditd.conf. This is the best option for enriched events.
       If you only want the node names in the realtime event stream, then  edit  the  name_format
       option in /etc/audisp/audispd.conf. Do not enable both as it will put 2 node fields in the
       event stream.

SIGNALS

       SIGUSR1
              Causes the audisp-remote program to write the value of some of its  internal  flags
              to  syslog.  The  suspend flag tells whether or not logging has been suspended. The
              remote_ended flage tells if the connection was broken by the server saying it can't
              log events. The transport_ok flag tells whether or not the connection to the remote
              server is healthy. The queue_size tells how many records are enqueued to be sent to
              the remote server.

       SIGUSR2
              Causes  the  audisp-remote program to resume logging if it were suspended due to an
              error.

FILES

       /etc/audisp/plugins.d/au-remote.conf,  /etc/audit/auditd.conf,   /etc/audisp/audispd.conf,
       /etc/audisp/audisp-remote.conf

SEE ALSO

       audispd(8), auditd.conf(8), audispd.conf(8), audisp-remote.conf(5).

AUTHOR

       Steve Grubb