I have a RHEL server on which I have configured an audit rule to log a specific event. I wanted to forward those logs to a remote syslog server. I couldn't find a way to forward only those specific logs, so I configured forwarding for all audit logs to the remote server, due to which /var/log on the remote syslog server is getting full frequently. I have 2 ways to fix this problem, but I cannot find a technical solution for either.
1. Log the events of that specific rule to a separate log file or, if possible, directly to the remote syslog server
2. Forward only the audit logs generated by that specific rule to the remote syslog server
Any other solution is much appreciated.
Asked by Prateek Bansal
(19 rep)
Dec 22, 2023, 06:10 AM
Last activity: Dec 22, 2023, 07:10 AM