Provided by: audispd-plugins_1.7.4-1_i386
audisp-remote.conf - the audisp-remote configuration file
audisp-remote.conf is the file that controls the configuration of the
audit remote logging subsystem. The options that are available are as
This is a one word character string that is the remote server
hostname or address that this daemon will send log information
to. This can be the numeric address or a resolvable hostname.
port This option is an unsigned integer that indicates what port to
connect to on the remote machine.
This parameter tells the remote logging app how to send events
to the remote system. Valid values are tcp, and ssl. If set to
tcp, the remote logging app will just make a normal clear text
connection to the remote system. ssl means that it will open an
encrypted connection to the remote system.
mode This parameter tells the remote logging app what strategy to use
getting records to the remote system. Valid values are
immediate, and forward . If set to immediate, the remote
logging app will attempt to send events immediately after
getting them. forward means that it will store the events to
disk and then attempt to send the records. If the connection
cannot be made, it will queue records until it can connection to
the remote system. The depth of the queue is controlled by the
This option is an unsigned integer that determines how many
records can be buffered to disk before considering it to be a
failure sending. This parameter only affects the forward mode of
the mode option. The default depth is 20.
This parameter tells the system what action to take whenever
there is an error detected when sending audit events to the
remote system, or if the remote system reports an error. Valid
values are ignore, syslog, exec, suspend, single, and halt. If
set to ignore, the audit daemon does nothing. Syslog means that
it will issue a warning to syslog. exec /path-to-script will
execute the script. You cannot pass parameters to the script.
Suspend will cause the remote logging app to stop sending
records to the remote system. The logging app will still be
alive. The single option will cause the remote logging app to
put the computer system in single user mode. halt option will
cause the remote logging app to shutdown the computer system.