| Ivan Suzdal | 50a360f | 2018-06-04 16:07:41 +0400 | [diff] [blame] | 1 | auditd: |
| 2 | service: |
| 3 | enabled: true |
| 4 | log_file: /var/log/audit/audit.log |
| 5 | log_format: RAW |
| 6 | log_group: root |
| 7 | priority_boost: 4 |
| 8 | flush: INCREMENTAL |
| 9 | freq: 20 |
| 10 | num_logs: 5 |
| 11 | disp_qos: lossy |
| 12 | dispatcher: /sbin/audispd |
| 13 | name_format: NONE |
| 14 | max_log_file: 6 |
| 15 | max_log_file_action: ROTATE |
| 16 | space_left: 75 |
| 17 | space_left_action: SYSLOG |
| 18 | action_mail_acct: root |
| 19 | admin_space_left: 50 |
| 20 | admin_space_left_action: SUSPEND |
| 21 | disk_full_action: SUSPEND |
| 22 | disk_error_action: SUSPEND |
| 23 | tcp_listen_queue: 5 |
| 24 | tcp_max_per_addr: 1 |
| 25 | tcp_client_max_idle: 0 |
| 26 | enable_krb5: no |
| 27 | audisp: |
| 28 | enabled: true |
| 29 | plugins: |
| 30 | syslog: |
| 31 | active: 'yes' |
| 32 | direction: out |
| 33 | path: builtin_syslog |
| 34 | type: builtin |
| 35 | args: LOG_INFO |
| 36 | format: string |
| Ivan Berezovskiy | 535bae6 | 2019-07-15 20:09:20 +0400 | [diff] [blame] | 37 | remote: |
| 38 | remote_server: audit.host.com |
| 39 | port: 1111 |
| 40 | transport: tcp |
| 41 | mode: immediate |