Provided by: audispd-plugins_4.0.1-1ubuntu2_amd64 bug

NAME

       audisp-remote - plugin for remote logging

SYNOPSIS

       audisp-remote

DESCRIPTION

       audisp-remote  is  a plugin for the audit event dispatcher that performs remote logging to
       an aggregate logging server.

TIPS

       If you are  aggregating  multiple  machines,  you  should  edit  auditd.conf  to  set  the
       name_format  to something meaningful and the log_format to enriched. This way you can tell
       where the event came from and have the user name and groups resolved locally before it  is
       sent off of the machine.

SIGNALS

       SIGUSR1
              Causes  the  audisp-remote program to write the value of some of its internal flags
              to syslog. The suspend flag tells whether or not logging has  been  suspended.  The
              remote_ended  flag tells if the connection was broken by the server saying it can't
              log events. The transport_ok flag tells whether or not the connection to the remote
              server is healthy. The queue_size tells how many records are enqueued to be sent to
              the remote server.

       SIGUSR2
              Causes the audisp-remote program to resume logging if it were suspended due  to  an
              error.

FILES

       /etc/audit/audisp-remote.conf /etc/audit/plugins.d/au-remote.conf /etc/audit/auditd.conf

SEE ALSO

       auditd.conf(8), auditd-plugins(5), audisp-remote.conf(5).

AUTHOR

       Steve Grubb