Oh, another thing which would (potentially) get harder is aggregation. Since we have aggregated audit data sent from one audisp-remote to the event loop of the aggregating auditd, both systems (kernels) would need to be on the same data format page. Otherwise, the formats would be interwoven in the same on-disk log.
LCB.

--
LC (Lenny) Bruzenak
[EMAIL PROTECTED]

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
