Hi Hannes

Thanks for responding.

Your response implies to me that AIDE has never got the report_url=syslog:<FACILITY> to work correctly and therefore it remains unsupported. Is this correct?

If someone was to look at "enabling" this option, would that be of interest or is the feeling of you experts that it is not feasible (rather than not necessary)?

I have since also tried our config on a V0.15/RHEL7 system and that seems to exhibit similar behaviour (and therefore ties in with your responses).

Regards
Phil
--
Phil J Fisher

-----Original Message-----
From: Aide <[email protected]> On Behalf Of [email protected]
Sent: 20 January 2021 10:00
To: [email protected]
Subject: Aide Digest, Vol 33, Issue 2

Message: 1
Date: Tue, 19 Jan 2021 21:19:10 +0100
From: Hannes von Haugwitz <[email protected]>
To: Aide user mailinglist <[email protected]>
Subject: Re: [Aide] Query over report_url=syslog:<some_path>

Hi,

On Mon, Jan 18, 2021 at 05:34:36PM +0000, Fisher, Philip wrote:
> My query is that I am using in aide.conf:
>
> report_url=file:<some pathname>
> report_url=syslog:LOCAL6

The `report_url=syslog:<FACILITY>` syntax is currently not supported in AIDE upstream. Please check if the binary you are using is patched.

> Now the reason for wanting the syslog capability to work is so that
> each line has a good log timestamp. Our log scraping facility will
> remotely copy the file elsewhere for analysis/archive. As far as I
> know, AIDE does not timestamp (in 0.14) any lines or AIDE runs.

There are some feature requests regarding log format (for example #41[0]). Feel free to leave a comment there.

> Our current version on RHEL6 is 0.14 and due to current project
> constraints this is not likely to change soon. While accepting this
> is an OLD version of AIDE, and NOT maintained anymore I assume, can
> the expert(s) clarify:

AIDE 0.14 has been released 10 years ago, so you should definitely consider an upgrade to the latest AIDE release (AIDE 0.17 is to be released soon).

Best regards
Hannes

[0] https://github.com/aide/aide/issues/41

_______________________________________________
Aide mailing list
[email protected]
https://www.ipi.fi/mailman/listinfo/aide
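
A workaround outside AIDE for the requirement discussed in this thread (a timestamp on every report line, plus delivery to the LOCAL6 facility), given as an added example that is not part of the original messages and is not AIDE code. The tag `aide`, the run-id format, the report path and the sample report lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not AIDE code): timestamp AIDE report lines outside AIDE.
# Assumed names: tag "aide", run-id format, report path below.

# Constructed sample of report text, used only for a dry run.
sample_report() {
    printf '%s\n' 'Summary:' '  Total number of files: 1024' '' \
        'changed: /etc/ssh/sshd_config'
}

# Prefix each non-empty stdin line with a UTC timestamp and the run id.
# The timestamp is the time the line is processed by this function.
stamp_lines() {
    run_id=$1
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        printf '%s aide[%s]: %s\n' \
            "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$run_id" "$line"
    done
}

# Run the check, keep AIDE's exit status, write stamped lines to a file
# and to syslog facility local6 through logger(1).
run_aide_check() {
    report=${1:-/var/log/aide/aide-stamped.log}   # assumed path
    run_id=$(date -u +%Y%m%dT%H%M%SZ)-$$
    raw=$(mktemp) || return 70
    aide --check >"$raw" 2>&1
    rc=$?
    stamp_lines "$run_id" <"$raw" | tee -a "$report" |
        logger -t aide -p local6.notice
    rm -f "$raw"
    return "$rc"
}

case ${1:-} in
    --run) run_aide_check "${2:-}"; exit $? ;;
    --dry-run) sample_report | stamp_lines dry-run ;;
esac
```

Because the report is buffered before stamping, all lines of one run carry roughly the completion time of that run; the run id is what groups them for the log scraper.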
