tests/pillar/audisp.sls - salt-formulas/auditd - Gitiles

 auditd:
   service:
     enabled: true
     log_file: /var/log/audit/audit.log
     log_format: RAW
     log_group: root
     priority_boost: 4
     flush: INCREMENTAL
     freq: 20
     num_logs: 5
     disp_qos: lossy
     dispatcher: /sbin/audispd
     name_format: NONE
     max_log_file: 6
     max_log_file_action: ROTATE
     space_left: 75
     space_left_action: SYSLOG
     action_mail_acct: root
     admin_space_left: 50
     admin_space_left_action: SUSPEND
     disk_full_action: SUSPEND
     disk_error_action: SUSPEND
     tcp_listen_queue: 5
     tcp_max_per_addr: 1
     tcp_client_max_idle: 0
     enable_krb5: no
   audisp:
     enabled: true
     plugins:
       syslog:
         active: 'yes'
         direction: out
         path: builtin_syslog
         type: builtin
         args: LOG_INFO
         format: string
     remote:
       remote_server: audit.host.com
       port: 1111
       transport: tcp
       mode: immediate
	auditd:
	service:
	enabled: true
	log_file: /var/log/audit/audit.log
	log_format: RAW
	log_group: root
	priority_boost: 4
	flush: INCREMENTAL
	freq: 20
	num_logs: 5
	disp_qos: lossy
	dispatcher: /sbin/audispd
	name_format: NONE
	max_log_file: 6
	max_log_file_action: ROTATE
	space_left: 75
	space_left_action: SYSLOG
	action_mail_acct: root
	admin_space_left: 50
	admin_space_left_action: SUSPEND
	disk_full_action: SUSPEND
	disk_error_action: SUSPEND
	tcp_listen_queue: 5
	tcp_max_per_addr: 1
	tcp_client_max_idle: 0
	enable_krb5: no
	audisp:
	enabled: true
	plugins:
	syslog:
	active: 'yes'
	direction: out
	path: builtin_syslog
	type: builtin
	args: LOG_INFO
	format: string
	remote:
	remote_server: audit.host.com
	port: 1111
	transport: tcp
	mode: immediate