Ubuntu Manpage: audisp-remote.conf - the audisp-remote configuration file

Provided by: audispd-plugins_1.7.4-1_i386

NAME

       audisp-remote.conf - the audisp-remote configuration file

DESCRIPTION

       audisp-remote.conf  is  the file that controls the configuration of the
       audit remote logging subsystem. The options that are available  are  as
       follows:

       remote_server
              This  is  a  one word character string that is the remote server
              hostname or address that this daemon will send  log  information
              to. This can be the numeric address or a resolvable hostname.

       port   This  option  is an unsigned integer that indicates what port to
              connect to on the remote machine.

       transport
              This parameter tells the remote logging app how to  send  events
              to  the remote system. Valid values are tcp, and ssl.  If set to
              tcp, the remote logging app will just make a normal  clear  text
              connection to the remote system.  ssl means that it will open an
              encrypted connection to the remote system.

       mode   This parameter tells the remote logging app what strategy to use
              getting   records   to  the  remote  system.  Valid  values  are
              immediate, and forward  .   If  set  to  immediate,  the  remote
              logging  app  will  attempt  to  send  events  immediately after
              getting them.  forward means that it will store  the  events  to
              disk  and  then  attempt  to send the records. If the connection
              cannot be made, it will queue records until it can connection to
              the  remote  system. The depth of the queue is controlled by the
              queue_depth option.

       queue_depth
              This option is an unsigned  integer  that  determines  how  many
              records  can  be  buffered to disk before considering it to be a
              failure sending. This parameter only affects the forward mode of
              the mode option. The default depth is 20.

       fail_action
              This  parameter  tells  the  system what action to take whenever
              there is an error detected when  sending  audit  events  to  the
              remote  system,  or if the remote system reports an error. Valid
              values are ignore, syslog, exec, suspend, single, and halt.   If
              set to ignore, the audit daemon does nothing.  Syslog means that
              it will issue a warning to syslog.   exec  /path-to-script  will
              execute  the  script.  You cannot pass parameters to the script.
              Suspend will cause  the  remote  logging  app  to  stop  sending
              records  to  the  remote  system.  The logging app will still be
              alive. The single option will cause the remote  logging  app  to
              put  the  computer system in single user mode.  halt option will
              cause the remote logging app to shutdown the computer system.

AUTHOR

       Steve Grubb

Ubuntu manuals

NAME

DESCRIPTION

SEE ALSO

AUTHOR