SUSECON
Results 1 to 3 of 3

Thread: SLES10 syslog-ng and audit.log.

Threaded View

  1. #1

    Question SLES10 syslog-ng and audit.log.

    Good day,

    I am trying to configure syslog-ng to send the audit.log file to a remote server. I always get a permission denied on the file unless i disable apparmor.. I cannot disabler Apparmor since this config need to be put into production.

    Here is my config:

    source s_file {
    file("/var/log/audit/audit.log");
    };


    destination d_local_audit {
    file ("/var/log/local3.log");
    };


    log {
    source (s_file);
    destination(d_local_audit)
    destination(d_remote_loghost3);
    };


    The local3.log is not getting populated by audit.logs and I cant figure out why. The remote host is not eceiving much either, but it receives some stuff (other logs . I checked with tcpdump -vvvnAXSs 1514 port 514)


    I am willing to try other ways of doing this, like using named pipe, but I am not sure how this work.

    Any help is greatly apreciated.
    Last edited by malarie_01; 17-Aug-2016 at 20:33.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •