tyler.durden/harbian-audit
1
0
Fork 0
mirror of https://github.com/hardenedlinux/harbian-audit.git synced 2025-07-31 01:24:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update how_to_deploy_audisp_remote_for_audit_log.mkd

Browse Source
This commit is contained in:
Samson-W 2021-07-09 01:51:32 +08:00
parent 0349040bb4
commit d262a18d70
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/configurations/manual-operation-docs/how_to_deploy_audisp_remote_for_audit_log.mkd
View File

@ -45,11 +45,17 @@ etc/audisp/audisp-remote.conf is inconsistent with the MAN document
queue_error_action. queue_error_action.
``` ```
If not record logs on local filesystem, Modify /etc/audit/auditd.conf: If not record logs on local filesystem, Modify /etc/audit/auditd.conf:
``` ```
write_logs = no write_logs = no
``` ```
Set name_format of /etc/audisp/audispd.conf to NUMERIC, in audit.log, the node will record the IP address:
```
name_format = NUMERIC
```
** Note: The IP address may be 127.0.1.1, please modify it in /etc/hosts. You can use hostname -i to check whether it is the correct address. **
### Restart service ### Restart service
Restart auditd service: Restart auditd service:
``` ```