Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
ansible/roles/base/files/rsyslog/rsyslog-audit.conf
Kevin Fenzi 92549b5c05 Enter log01, bravest of the brave
2014-07-18 20:42:00 +00:00

13 lines
327 B
Text
Raw Blame History

# monitor auditd log and send out over local6 to central loghost
$ModLoad imfile.so
# auditd audit.log
$InputFileName /var/log/audit/audit.log
$InputFileTag tag_audit_log:
$InputFileStateFile audit_log
$InputFileSeverity info
$InputFileFacility local6
$InputRunFileMonitor
:msg, !contains, "type=AVC"
local6.* @@log01:514
Reference in a new issue View git blame Copy permalink