Hello everyone,
There’s been this issue for me as long as I’ve dealt with Rsyslog and Auditd.
Auditd generates multiple lines of logs for one event, Rsyslog sends all of
those lines as separate logs, while in reality they’re one event.
As seen below:
type=EXECVE msg=audit(1721647173.263:801222)
the msg ID.
That's the only way we found to handle it.
Original message
From: Nugzar Mazmishvili via rsyslog <rsyslog@lists.adiscon.com>
Date: 7/22/24 7:25 AM (GMT-05:00)
To: rsyslog@lists.adiscon.com
Cc: N
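The correlation described in the thread, grouping auditd records that share the same msg=audit(timestamp:serial) id back into one event, as an added example that is not from the thread or from rsyslog itself. The sample records are constructed around the serial shown above; the field values after the id are assumed.

```python
import re
from collections import OrderedDict

# Every record of one auditd event carries the same id: msg=audit(<epoch.ms>:<serial>)
AUDIT_ID_RE = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")
TYPE_RE = re.compile(r"^type=(\S+)")


def audit_event_id(line):
    """Return (timestamp, serial) from an audit record line, or None if it has no id."""
    m = AUDIT_ID_RE.search(line)
    if not m:
        return None
    return (m.group(1), m.group(2))


def correlate_audit_lines(lines):
    """Group single-line audit records into events keyed by their audit id.

    Records arrive interleaved, so an OrderedDict keyed by id collects the
    pieces of each event in first-seen order. Lines with no id are kept as
    their own one-record events rather than dropped silently."""
    events = OrderedDict()
    orphans = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        t = TYPE_RE.match(line)
        rtype = t.group(1) if t else "UNKNOWN"
        key = audit_event_id(line)
        if key is None:
            orphans.append({"id": None, "records": [(rtype, line)]})
            continue
        events.setdefault(key, {"id": key, "records": []})["records"].append((rtype, line))
    return list(events.values()) + orphans


# Constructed sample: one execve event (serial 801222) spread over four records,
# interleaved with a record from a different event (serial 801223). Field values
# after the id are assumed for illustration.
SAMPLE_LINES = [
    'type=SYSCALL msg=audit(1721647173.263:801222): arch=c000003e syscall=59 success=yes',
    'type=EXECVE msg=audit(1721647173.263:801222): argc=2 a0="ls" a1="-l"',
    'type=SYSCALL msg=audit(1721647173.264:801223): arch=c000003e syscall=257 success=yes',
    'type=CWD msg=audit(1721647173.263:801222): cwd="/home/user"',
    'type=PROCTITLE msg=audit(1721647173.263:801222): proctitle=6C73002D6C',
]

if __name__ == "__main__":
    for ev in correlate_audit_lines(SAMPLE_LINES):
        print(ev["id"], [r[0] for r in ev["records"]])
```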