NAME

       audisp-remote - plugin for remote logging

SYNOPSIS

       audisp-remote

DESCRIPTION

       audisp-remote is a plugin for the audit event dispatcher daemon, audispd, that preforms remote logging to
       an aggregate logging server.

TIPS

       If  you  are aggregating multiple machines, you should enable node information in the audit event stream.
       You can do this in one of two places. If you want computer node names written to disk as well as sent  in
       the  realtime  event  stream, edit the name_format option in /etc/audit/auditd.conf. If you only want the
       node names in the realtime event stream, then edit the name_format option in /etc/audisp/audispd.conf. Do
       not enable both as it will put 2 node fields in the event stream.

SIGNALS

       SIGUSR1
              Causes the audisp-remote program to write the value of some of its internal flags to  syslog.  The
              suspend  flag tells whether or not logging has been suspended. The transport_ok flag tells whether
              or not the connection to the remote server is healthy. The queue_size tells how many  records  are
              enqueued to be sent to the remote server.

       SIGUSR2
              Causes the audisp-remote program to resume logging if it were suspended due to an error.

FILES

       /etc/audisp/plugins.d/au-remote.conf,          /etc/audit/auditd.conf,          /etc/audisp/audispd.conf,
       /etc/audisp/audisp-remote.conf

SEE ALSO

       audispd(8), auditd.conf(8), audispd.conf(8), audisp-remote.conf(5).

AUTHOR

       Steve Grubb

Red Hat                                             Apr 2011                                   AUDISP-REMOTE:(8)