Here my opinion or I feel comfortable to make this default value false and pass this variable throw
class auditd::audisp::syslog (
$active = true,
$args = 'LOG_INFO',
}
I mean control parameter values from top level
So why this is coming into my mind?
Because enabling auidt log into syslog might be causing the system overhead.
So make sure if someone really want to enable this.
I uderstand that if someone want to enable syslog for auditd then calling class
auditd::audisp::syslog
will makeactive = true
as this is hard coded define in https://github.com/kemra102/puppet-auditd/blob/master/manifests/audisp/plugin.pp#L2Here my opinion or I feel comfortable to make this default value
false
and pass this variable throwI mean control parameter values from top level
So why this is coming into my mind? Because enabling auidt log into syslog might be causing the system overhead. So make sure if someone really want to enable this.