I am trying to configure syslog-ng to send the audit.log file to a remote server. I always get a permission denied on the file unless i disable apparmor.. I cannot disabler Apparmor since this config need to be put into production.
The local3.log is not getting populated by audit.logs and I cant figure out why. The remote host is not eceiving much either, but it receives some stuff (other logs . I checked with tcpdump -vvvnAXSs 1514 port 514)
I am willing to try other ways of doing this, like using named pipe, but I am not sure how this work.