Provided by: audispd-plugins_2.4.5-1ubuntu2_i386 bug

NAME

       audisp-remote - plugin for remote logging

SYNOPSIS

       audisp-remote

DESCRIPTION

       audisp-remote  is  a  plugin  for  the  audit  event dispatcher daemon,
       audispd, that preforms remote logging to an aggregate logging server.

TIPS

       If you are  aggregating  multiple  machines,  you  should  enable  node
       information  in  the  audit event stream. You can do this in one of two
       places. If you want computer node names written to disk as well as sent
       in   the   realtime  event  stream,  edit  the  name_format  option  in
       /etc/audit/auditd.conf. If you only want the node names in the realtime
       event     stream,    then    edit    the    name_format    option    in
       /etc/audisp/audispd.conf. Do not enable both as  it  will  put  2  node
       fields in the event stream.

SIGNALS

       SIGUSR1
              Causes  the  audisp-remote program to write the value of some of
              its internal flags to syslog. The suspend flag tells whether  or
              not  logging  has  been  suspended.  The transport_ok flag tells
              whether or not the connection to the remote server  is  healthy.
              The queue_size tells how many records are enqueued to be sent to
              the remote server.

       SIGUSR2
              Causes the audisp-remote program to resume logging  if  it  were
              suspended due to an error.

FILES

       /etc/audisp/plugins.d/au-remote.conf,           /etc/audit/auditd.conf,
       /etc/audisp/audispd.conf, /etc/audisp/audisp-remote.conf

SEE ALSO

       audispd(8), auditd.conf(8), audispd.conf(8), audisp-remote.conf(5).

AUTHOR

       Steve Grubb