Provided by: audispd-plugins_2.4.5-1ubuntu2.1_amd64 bug

NAME

       audisp-remote - plugin for remote logging

SYNOPSIS

       audisp-remote

DESCRIPTION

       audisp-remote  is  a  plugin for the audit event dispatcher daemon, audispd, that preforms
       remote logging to an aggregate logging server.

TIPS

       If you are aggregating multiple machines, you should enable node information in the  audit
       event  stream.  You  can  do  this  in  one of two places. If you want computer node names
       written to disk as well as sent in the realtime event stream, edit the name_format  option
       in  /etc/audit/auditd.conf.  If you only want the node names in the realtime event stream,
       then edit the name_format option in /etc/audisp/audispd.conf. Do not  enable  both  as  it
       will put 2 node fields in the event stream.

SIGNALS

       SIGUSR1
              Causes  the  audisp-remote program to write the value of some of its internal flags
              to syslog. The suspend flag tells whether or not logging has  been  suspended.  The
              transport_ok  flag  tells  whether  or  not  the connection to the remote server is
              healthy. The queue_size tells how many records are  enqueued  to  be  sent  to  the
              remote server.

       SIGUSR2
              Causes  the  audisp-remote program to resume logging if it were suspended due to an
              error.

FILES

       /etc/audisp/plugins.d/au-remote.conf,  /etc/audit/auditd.conf,   /etc/audisp/audispd.conf,
       /etc/audisp/audisp-remote.conf

SEE ALSO

       audispd(8), auditd.conf(8), audispd.conf(8), audisp-remote.conf(5).

AUTHOR

       Steve Grubb