Graylog2 / fpm-recipes

Graylog package build recipes
http://docs.graylog.org/en/latest/pages/installation/operating_system_packages.html

audit.log Ubuntu #55

Closed Landless-Victory closed 8 years ago

Landless-Victory commented 8 years ago

Hey All -

I'm having an issue trying to pull in audit logs from Ubuntu 14.04 with the graylog-collector using Snare as the auditing mechanism. It works great on CentOS 6.5, and I'd verified and reverified that the config is exactly the same between the two OSes. I can use the "Standard" Audit package without any issue, the logs send over just fine. And actually, I just tried to have it send over the standard syslog (/var/log/syslog) and it won't send that over either.

I've tried with and without the content-splitter line and a few other options, but I still can't get it to send anything. I'm still assuming it's not reading the lines correctly.

Anyone run into any trouble with this before? Here's my config:

server-url = "http://loggingserver:12900"
enable-registration = true
collector-id = "file:/etc/graylog/collector/collector-id"

inputs {
   auditd {
       type = "file"
       path = "/var/log/audit/audit.log"
       content-splitter = "newline"
   }
}

outputs {
  gelf-tcp {
    type = "gelf"
    host = "loggingserver"
    port = 12201
  }
  console {
    type = "stdout"
  }
}

Thanks!

Landless-Victory commented 8 years ago

Never mind, I figured it out. Make sure that the time is not 8+ hours off between the clients and the server... whoops.
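A quick way to measure the clock offset the final comment points to, added here as an example that is not part of the issue, the graylog-collector, or the fpm-recipes project: it compares the collector host's UTC clock against the Date header of an HTTP response from the configured server-url (http://loggingserver:12900 in the config above). It assumes the server answers with a standard HTTP Date header, which has one-second resolution; the 300-second threshold is this example's own choice and not a limit Graylog documents.

```python
"""Clock-skew check between a collector host and its Graylog server.

Added example, not code from the issue or the fpm-recipes project. It reads
the Date header (RFC 7231 HTTP-date, one-second resolution) from whatever
HTTP response the server gives, so it can be pointed at the REST port in
server-url even when the path answers 404: servers normally send Date on
error replies too.
"""
import sys
import urllib.error
import urllib.request
from datetime import datetime, timezone
from email.utils import format_datetime, parsedate_to_datetime

# Threshold is this example's choice. The issue only says 8+ hours broke
# delivery; a few minutes is a sane bound for log timestamps anyway.
MAX_SKEW_SECONDS = 300


def parse_http_date(value):
    """Parse an HTTP-date string into a timezone-aware UTC datetime."""
    parsed = parsedate_to_datetime(value)
    if parsed.tzinfo is None:
        # A "-0000" zone yields a naive datetime; RFC 5322 says it means UTC.
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed.astimezone(timezone.utc)


def skew_seconds(local_date, server_date):
    """Signed offset in seconds: positive means the local clock is ahead."""
    return (parse_http_date(local_date) - parse_http_date(server_date)).total_seconds()


def classify(skew, max_skew=MAX_SKEW_SECONDS):
    """'ok' when |skew| is within max_skew, otherwise 'skewed'."""
    return "ok" if abs(skew) <= max_skew else "skewed"


def server_date_header(server_url, timeout=5):
    """Fetch server_url and return its Date header (also read from 4xx/5xx)."""
    request = urllib.request.Request(server_url, method="GET")
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            return response.headers.get("Date")
    except urllib.error.HTTPError as err:
        # Error responses still carry headers; the Date is what we want.
        return err.headers.get("Date")


def check_server(server_url):
    """Return (skew_seconds, verdict) for the server behind server_url."""
    server_date = server_date_header(server_url)
    if server_date is None:
        raise RuntimeError("server sent no Date header; compare clocks by hand")
    local_date = format_datetime(datetime.now(timezone.utc), usegmt=True)
    skew = skew_seconds(local_date, server_date)
    return skew, classify(skew)


if __name__ == "__main__":
    # Hostname below is the one from the issue's config, used as a placeholder.
    url = sys.argv[1] if len(sys.argv) > 1 else "http://loggingserver:12900"
    offset, verdict = check_server(url)
    print(f"{verdict}: local clock is {offset:+.0f}s relative to {url}")
    sys.exit(0 if verdict == "ok" else 1)
```

Run it on the collector host with the same server-url the collector uses; a non-zero exit means the two clocks disagree by more than the threshold and NTP (or the timezone setting on one side) needs fixing before chasing the collector config.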