Hey All -
I'm having an issue trying to pull in audit logs from Ubuntu 14.04 with the graylog-collector using Snare as the auditing mechanism. It works great on CentOS 6.5, and I'd verified and reverified that the config is exactly the same between the two OSes. I can use the "Standard" Audit package without any issue, the logs send over just fine. And actually, I just tried to have it send over the standard syslog (/var/log/syslog) and it won't send that over either.
I've tried with and without the content-splitter line and a few other options, but I still can't get it to send anything. I'm still assuming it's not reading the lines correctly.
Anyone run into any trouble with this before? Here's my config:
Thanks!