On Tue, 2009-03-24 at 13:06 -0400, Steve Grubb wrote:
> On Tuesday 24 March 2009 12:29:48 LC Bruzenak wrote:
> > On the prewikka screen I only see the second event.
>
> prelude is its own protocol and picks out certain data from its config files and
> puts in its packets. The intended use is each machine sends its prelude alerts

not MY intended use... :)

> to a common prelude manager. Each audit event is sent to its aggregator. The
> two systems diverge at audispd.
>
> kernel->auditd->audispd-+->audisp-prelude->prelude-manager
>                         +->audisp-remote->auditd
>
> -Steve

Steve; thanks.

I may not follow. Does the above preclude what I'm asking?
Asked another way, what stops the aggregated audit events from creating
a prelude event?

Thx,
LCB.

-- 
LC (Lenny) Bruzenak
[email protected]
