Configure audispd Plugin To Send Logs To Remote Server

An XCCDF Rule

Description

Configure the audispd plugin to off-load audit records onto a different system or media from the system being audited. Set the remote_server option in /etc/audit/audisp-remote.conf with an IP address or hostname of the system that the audispd plugin should send audit records to. For example:
remote_server = 
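
One way to check this setting on a host, added here as an example and not part of the rule's own content. The function name get_remote_server, the sample address 192.0.2.10, and the choice to fail on duplicate settings are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the remote_server setting in an audisp-remote.conf-style file.
# Prints the configured value and returns 0 when exactly one non-empty value is set.
# Returns 1 when the file is unreadable or the option is missing, commented out or empty.
# Returns 2 when the option is set more than once (treated as ambiguous by this example).
get_remote_server() {
    conf="${1:-/etc/audit/audisp-remote.conf}"
    [ -r "$conf" ] || return 1
    # Keep only uncommented "remote_server = value" lines with a non-blank value,
    # reduced to the value itself with surrounding blanks trimmed.
    values=$(sed -n 's/^[[:space:]]*remote_server[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$conf")
    [ -n "$values" ] || return 1
    [ "$(printf '%s\n' "$values" | wc -l)" -eq 1 ] || return 2
    printf '%s\n' "$values"
}

# Constructed sample file; 192.0.2.10 is a documentation address, not a value from the rule.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# remote_server = commented-out.example
remote_server = 192.0.2.10
EOF

if server=$(get_remote_server "$sample"); then
    echo "PASS: audit records are off-loaded to $server"
else
    echo "FAIL: remote_server is not set to a single non-empty value"
fi
rm -f "$sample"
```

Called with no argument, the function reads /etc/audit/audisp-remote.conf; a line that reads only `remote_server = ` counts as not configured.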

Rationale

Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.

ID
xccdf_org.ssgproject.content_rule_auditd_audispd_configure_remote_server
Severity
Medium
References
Updated