tyler.durden
/
harbian-audit
mirror of https://github.com/hardenedlinux/harbian-audit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update how_to_deploy_audisp_remote_for_audit_log.mkd

This commit is contained in:
Samson-W 2021-07-09 01:51:32 +08:00
parent 0349040bb4
commit d262a18d70
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/configurations/manual-operation-docs/how_to_deploy_audisp_remote_for_audit_log.mkd
View File

@ -45,11 +45,17 @@ etc/audisp/audisp-remote.conf is inconsistent with the MAN document
queue_error_action.
```
If not record logs on local filesystem, Modify /etc/audit/auditd.conf:
If not record logs on local filesystem, Modify /etc/audit/auditd.conf:
```
write_logs = no
```
Set name_format of /etc/audisp/audispd.conf to NUMERIC, in audit.log, the node will record the IP address:
```
name_format = NUMERIC
```
** Note: The IP address may be 127.0.1.1, please modify it in /etc/hosts. You can use hostname -i to check whether it is the correct address. **
### Restart service
Restart auditd service:
```