linux-audit() source options
The file() driver has the following options:
filename()
| Type: | path |
| Default: | |
Description: The log file of linux-audit. The AxoSyslog application reads the Linux audit logs from this file.
prefix()
| Synopsis: | prefix() |
| Default: | .auditd. |
Description: Insert a prefix before the name part of the parsed name-value pairs to help further processing. For example:
- To insert the my-parsed-data. prefix, use the prefix(my-parsed-data.) option.
- To refer to a particular data that has a prefix, use the prefix in the name of the macro, for example, ${my-parsed-data.name}.
- If you forward the parsed messages using the IETF-syslog protocol, you can insert all the parsed data into the SDATA part of the message using the prefix(.SDATA.my-parsed-data.) option.
Names starting with a dot (for example, .example) are reserved for use by AxoSyslog. Note that if you use an empty prefix (prefix("")) or one starting with a dot, AxoSyslog might replace the original value of an existing macro (only soft macros can be overwritten, see Hard versus soft macros for details). To avoid such problems, use a non-reserved prefix when naming the parsed values, for example, prefix(my-parsed-data.).
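The following configuration is an added example, not taken from the AxoSyslog documentation: it reads the audit log with a custom prefix so that parsed fields cannot collide with built-in soft macros, and a second source shows the SDATA variant for IETF-syslog forwarding. The file path, the prefix names (audit., .SDATA.audit.), the collector host and port, and the version line are assumptions; the field name type follows the type=... key of audit records.

```conf
@version: 4.8
# Added example (not from the AxoSyslog docs). Adjust @version to the installed release.

# Plain prefix: a name that does not start with a dot and is not empty, so the
# parsed audit fields land under audit.* and do not overwrite existing soft macros.
source s_audit {
    linux-audit(
        filename("/var/log/audit/audit.log")   # assumed auditd log location
        prefix("audit.")
    );
};

# Parsed fields are referenced with the prefix in the macro name, e.g. ${audit.type}.
destination d_audit_local {
    file("/var/log/audit-parsed.log"
         template("${ISODATE} ${HOST} type=${audit.type} ${MESSAGE}\n")
    );
};

log { source(s_audit); destination(d_audit_local); };

# SDATA variant: a .SDATA. prefix places every parsed field in the structured-data
# part of the message when it is forwarded with the IETF-syslog protocol.
source s_audit_sdata {
    linux-audit(
        filename("/var/log/audit/audit.log")
        prefix(".SDATA.audit.")
    );
};

destination d_collector {
    syslog("collector.example.com" transport("tcp") port(601));   # assumed collector
};

log { source(s_audit_sdata); destination(d_collector); };
```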