Provided by: audispd-plugins_2.8.2-1ubuntu1.1_amd64 
NAME
audisp-remote - plugin for remote logging
SYNOPSIS
audisp-remote
DESCRIPTION
audisp-remote is a plugin for the audit event dispatcher daemon, audispd, that preforms remote logging to
an aggregate logging server.
TIPS
If you are aggregating multiple machines, you should enable node information and enriched events in the
audit event stream. You can do this in one of two places. If you want computer node names written to disk
as well as sent in the realtime event stream, edit the name_format option in /etc/audit/auditd.conf. This
is the best option for enriched events. If you only want the node names in the realtime event stream,
then edit the name_format option in /etc/audisp/audispd.conf. Do not enable both as it will put 2 node
fields in the event stream.
SIGNALS
SIGUSR1
Causes the audisp-remote program to write the value of some of its internal flags to syslog. The
suspend flag tells whether or not logging has been suspended. The remote_ended flage tells if the
connection was broken by the server saying it can't log events. The transport_ok flag tells
whether or not the connection to the remote server is healthy. The queue_size tells how many
records are enqueued to be sent to the remote server.
SIGUSR2
Causes the audisp-remote program to resume logging if it were suspended due to an error.
FILES
/etc/audisp/plugins.d/au-remote.conf, /etc/audit/auditd.conf, /etc/audisp/audispd.conf,
/etc/audisp/audisp-remote.conf
SEE ALSO
audispd(8), auditd.conf(8), audispd.conf(8), audisp-remote.conf(5).
AUTHOR
Steve Grubb