From de26fc2d64a7afe600d528f34a5bd4f59e250883 Mon Sep 17 00:00:00 2001 From: Kam Nasim Date: Fri, 6 Oct 2017 12:57:24 -0400 Subject: [PATCH] US103091: IMA: System Configuration enable audispd to send audit events to the LOG_AUTH facility where it will be used by syslog-ng to filter them into a seperate ima log as well as send them to an FM Event log stream --- audisp/plugins/builtins/syslog.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/audisp/plugins/builtins/syslog.conf b/audisp/plugins/builtins/syslog.conf index 7d7dbd7..0a80d72 100644 --- a/audisp/plugins/builtins/syslog.conf +++ b/audisp/plugins/builtins/syslog.conf @@ -6,9 +6,9 @@ # logged to. Valid options are LOG_LOCAL0 through 7, LOG_AUTH, # LOG_AUTHPRIV, LOG_DAEMON, LOG_SYSLOG, and LOG_USER. -active = no +active = yes direction = out path = builtin_syslog type = builtin -args = LOG_INFO +args = LOG_INFO LOG_AUTH format = string -- 1.8.3.1