hostname in the audit log file name

Latest response

In auditd.conf, name_format=hostname will insert the hostname into the audit.log (or whatever name you specify for log_file. Is there a way to have the log_file include the name of the host in its name? With several machines worth of audit logs to evaluate and keep, it would be very nice to have this naming done in the configuration.

Responses

You can change the log file name in /etc/audit/auditd.conf from the default audit.log to something like myserver-audit.log log_file = /var/log/audit/audit.log

Remember to update logrotate as well.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.