<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="generator" content="Osso Notes">
<title></title></head>
<body>
<p>Hi,
<br>
<br>you probably need to tell auditd to log to syslog on the client hosts.
<br>
<br>
<br>----- Original message -----
<br>> Hi Folks,
<br>>
<br>> Need your help !
<br>>
<br>> Want to configure a centralized Audit server (Currently the centralized
<br>> server is running Octopussy Web interface,  which receives logs from
<br>> remote hosts by Rsyslog ).
<br>>
<br>> The challenge and confusion here is .. all my linux clients are
<br>> configured with syslog-ng and the daemon is sending all the system logs
<br>> and kernel logs like messages,secure,cron logs etc ... with out any
<br>> trouble.
<br>>
<br>> The problem is the syslog-ng daemon is not able to send the auidtd logs
<br>> (/var/log/audit.log) to the Rsyslog server,
<br>>
<br>> Hence request your help to guide me how to setup the syslog-ng to forward
<br>> the audit.log to the remote Rsyslog server.
<br>>
<br>> It would be great if i can get client side and server side configuration
<br>> guidelines.
<br>>
<br>> --
<br>> Thanks in Advance
<br>> - Koresh
<br><br></p>
</body>
</html>