<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic auditd logging to syslogd in Operating System - Linux</title>
    <link>https://community.hpe.com/t5/operating-system-linux/auditd-logging-to-syslogd/m-p/4591843#M39932</link>
    <description>hello, &lt;BR /&gt;&lt;BR /&gt;we use a central logger for syslog and take advantage of the @server_name in the syslogd.conf file. we also use the auditd to track files as defined in /etc/audit.rules which is logged to /var/log/audit/audit.log.&lt;BR /&gt;&lt;BR /&gt;our final need is to get the entries of audit.log to the central server. I would think that I can send audit logging (somehow) to syslog. I have found no way to do so that is "proper". I did find that when I have the audit service started and I kill the auditd process, the kernel logs the audit events to syslog. this does not seem proper.&lt;BR /&gt;&lt;BR /&gt;also, the audisp (audit dispatcher) doesn't seem to have come with the audit RPM (it's not at /sbin/audispd) AND I don't think this is a solution.&lt;BR /&gt;&lt;BR /&gt;please help and suggest or direct how to achieve sending off the audit log entries to syslog (where they go to @server_name) OR another, maybe the correct way to get audit logging to a central server.&lt;BR /&gt;&lt;BR /&gt;thanks</description>
    <pubDate>Fri, 26 Feb 2010 20:48:28 GMT</pubDate>
    <dc:creator>Paul Wasik</dc:creator>
    <dc:date>2010-02-26T20:48:28Z</dc:date>
    <item>
      <title>auditd logging to syslogd</title>
      <link>https://community.hpe.com/t5/operating-system-linux/auditd-logging-to-syslogd/m-p/4591843#M39932</link>
      <description>hello, &lt;BR /&gt;&lt;BR /&gt;we use a central logger for syslog and take advantage of the @server_name in the syslogd.conf file. we also use the auditd to track files as defined in /etc/audit.rules which is logged to /var/log/audit/audit.log.&lt;BR /&gt;&lt;BR /&gt;our final need is to get the entries of audit.log to the central server. I would think that I can send audit logging (somehow) to syslog. I have found no way to do so that is "proper". I did find that when I have the audit service started and I kill the auditd process, the kernel logs the audit events to syslog. this does not seem proper.&lt;BR /&gt;&lt;BR /&gt;also, the audisp (audit dispatcher) doesn't seem to have come with the audit RPM (it's not at /sbin/audispd) AND I don't think this is a solution.&lt;BR /&gt;&lt;BR /&gt;please help and suggest or direct how to achieve sending off the audit log entries to syslog (where they go to @server_name) OR another, maybe the correct way to get audit logging to a central server.&lt;BR /&gt;&lt;BR /&gt;thanks</description>
      <pubDate>Fri, 26 Feb 2010 20:48:28 GMT</pubDate>
      <guid>https://community.hpe.com/t5/operating-system-linux/auditd-logging-to-syslogd/m-p/4591843#M39932</guid>
      <dc:creator>Paul Wasik</dc:creator>
      <dc:date>2010-02-26T20:48:28Z</dc:date>
    </item>
  </channel>
</rss>

