Open claytondukes opened 4 years ago
I added the following lines
```perl
use Sys::Syslog;
openlog("auditd", 'cons,pid', 'user');
syslog('info', $log);
closelog();
```
to send events to syslog in addition to file.
```perl
$log .= qq(\n);
use Sys::Syslog;
openlog("auditd", 'cons,pid', 'user');
syslog('info', $log);
closelog();
open( LOGFILE, ">>", "$logfile" ) and do {
    print LOGFILE $log;
    close(LOGFILE);
};
delete $sh{$auditid};
```
Then I configured rsyslog to send the logs to a remote syslog server.
Can I send the key/value format to a remote server instead of `/var/log/audisp-simplify`?