Add sample of syslog plugin configuration Change-Id: Id0517f00255041432e1f875db59c25cee78d1ea0

commit: 509fe2745f4ac20552726313ff8550932a42b150 [log] [tgz]
author: Oleksii Chupryn <achuprin@mirantis.com> Tue Jun 12 13:39:26 2018 +0300
committer: Oleksii Chupryn <achuprin@mirantis.com> Tue Jun 12 13:46:17 2018 +0300
tree: 29c85a5329d430149ff887b52ce2b9076a35298e
parent: 50a360f947f647bd39f893740eb9d907191ced52 [diff] [blame]
diff --git a/README.rst b/README.rst
index 2057ec5..a3713c1 100644
--- a/README.rst
+++ b/README.rst

@@ -61,6 +61,25 @@
             - '-w /etc/passwd -p wa'
             - '-a always,exit -F arch=b64 -S mount'
 
+Auditd service with syslog plugin configuration
+
+.. code-block:: yaml
+
+  auditd:
+    service:
+      enabled: true
+      log_format: NOLOG
+      ...
+    audisp:
+      enabled: true
+      plugins:
+        syslog:
+          active: 'yes'
+          direction: out
+          path: builtin_syslog
+          type: builtin
+          args: 'LOG_INFO LOG_LOCAL6'
+          format: string
 
 References
 =========
commit	509fe2745f4ac20552726313ff8550932a42b150	[log] [tgz]
author	Oleksii Chupryn <achuprin@mirantis.com>	Tue Jun 12 13:39:26 2018 +0300
committer	Oleksii Chupryn <achuprin@mirantis.com>	Tue Jun 12 13:46:17 2018 +0300
tree	29c85a5329d430149ff887b52ce2b9076a35298e
parent	50a360f947f647bd39f893740eb9d907191ced52 [diff] [blame]