linux-audit: Collect messages from Linux audit logs
It reads and automatically parses the Linux audit logs. You can override the file name using the filename() parameter and the prefix for the created name-value pairs using the prefix() parameter. Any additional parameters are passed to the file source.
Note
Most recent Linux distributions enable Security-Enhanced Linux (SELinux) or AppArmor as a security measure. If enabled, these technologies might disable access to the Linux Audit log file by default. Consult their manuals to enable Linux Audit log access for AxoSyslog.
Declaration:
linux-audit(options);
Example: Using the linux-audit() driver
source s_auditd {
linux-audit(
prefix("test.")
hook-commands(
startup("auditctl -w /etc/ -p wa")
shutdown("auditctl -W /etc/ -p wa")
)
);
};
Last modified December 18, 2024: Merge pull request #90 from axoflow/minor-fixes-241218 (68cd7df)