Re: [rsyslog] Combining AuditD logs using Rsyslog

2024-07-23 Thread David Lang via rsyslog
You could use something like Simple Event Correlator to combine logs like this. There is not a good way to do so inside rsyslog (and trying to do so would cause all sorts of grief with locking and multi-threaded processing); best to do the combining before the logs go to rsyslog. David Lang
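As an added illustration of the pre-rsyslog combining suggested above (this is not code from the thread or from rsyslog), a small Python aggregator that stitches auditd records sharing the same audit(timestamp:serial) id into one line, closing an event on its type=EOE record and flushing anything left at end of input. The sample records are constructed; only the serial from the original question is reused.

```python
import re

# Every auditd record carries msg=audit(<epoch.ms>:<serial>); all records of one
# event share the serial, which is the key used here to stitch them back together.
AUDIT_ID = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\)")

def combine_audit_records(lines):
    """Return one combined event per audit serial, in the order events are closed.

    Each event is a dict with 'time', 'serial', 'types' (record types in the order
    written) and 'text' (all records joined by ' | ' on one line for rsyslog).
    An event is closed by its type=EOE record; anything still open at end of
    input is flushed, so interleaved or EOE-less events are not lost.
    """
    open_events = {}   # serial -> event under construction
    events = []

    def close(serial):
        ev = open_events.pop(serial)
        ev["text"] = " | ".join(ev.pop("records"))
        events.append(ev)

    for line in lines:
        line = line.rstrip("\n")
        m = AUDIT_ID.match(line)
        if not m:
            continue  # not an audit record (e.g. a blank line); skip it
        rtype, time, serial = m.group(1), m.group(2), int(m.group(3))
        ev = open_events.setdefault(
            serial, {"time": time, "serial": serial, "types": [], "records": []})
        ev["types"].append(rtype)
        ev["records"].append(line)
        if rtype == "EOE":
            close(serial)  # explicit end-of-event marker
    for serial in list(open_events):
        close(serial)      # flush events that never got an EOE
    return events

# Constructed sample in auditd's native format (hypothetical values): one
# five-record execve event terminated by EOE, then a single-record login event.
SAMPLE = """\
type=SYSCALL msg=audit(1721647173.263:801222): arch=c000003e syscall=59 success=yes exit=0 comm="cat" exe="/usr/bin/cat"
type=EXECVE msg=audit(1721647173.263:801222): argc=2 a0="cat" a1="/etc/hostname"
type=CWD msg=audit(1721647173.263:801222): cwd="/root"
type=PATH msg=audit(1721647173.263:801222): item=0 name="/usr/bin/cat" inode=1234 mode=0100755
type=PROCTITLE msg=audit(1721647173.263:801222): proctitle=636174002F6574632F686F73746E616D65
type=EOE msg=audit(1721647173.263:801222):
type=USER_LOGIN msg=audit(1721647180.101:801223): pid=1500 uid=0 auid=1000 res=success
""".splitlines()

if __name__ == "__main__":
    for ev in combine_audit_records(SAMPLE):
        print(ev["serial"], ev["types"])
```

In a streaming deployment you would also flush open events on a timeout, since an EOE-less event would otherwise wait until end of input.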

Re: [rsyslog] Combining AuditD logs using Rsyslog

2024-07-22 Thread traef via rsyslog
ginal message From: Nugzar Mazmishvili via rsyslog Date: 7/22/24 7:25 AM (GMT-05:00) To: rsyslog@lists.adiscon.com Cc: Nugzar Mazmishvili Subject: [rsyslog] Combining AuditD logs using Rsyslog Hello everyone, There's been this issue for me as long as I've dealt with Rsyslog and A

[rsyslog] Combining AuditD logs using Rsyslog

2024-07-22 Thread Nugzar Mazmishvili via rsyslog
Hello everyone, There’s been this issue for me as long as I’ve dealt with Rsyslog and Auditd. Auditd generates multiple lines of logs for one event, Rsyslog sends all of those lines as separate logs, while in reality they’re one event. As seen below: type=EXECVE msg=audit(1721647173.263:801222)