Send Audit Logs to Network Share

Latest response

Not a linux expert, so excuse the ignorance....

I'm on RHEL 7 and am trying to save my audit logs to a network share for archiving. Was using a cronjob when using RHEL 5, but since I've upgraded, trying to see if there is an easier, more efficient way of doing this. Maybe using logrotate.conf? Any ideas will be helpful. Thanks!

Responses

Hello Gerald,

Please check this KB which has steps to send audit logs to a remote server: https://access.redhat.com/solutions/28676

Also, look at this: https://access.redhat.com/articles/3600141

Hope this helps!

Thanks Sadashiva. I am basically trying to save copies of my logs on a directory within the same network on a windows server without a specific syslog service. So, making a copy of a daily log and saving it to /c://Windows/logs, for example. I am looking into using the logrotate.conf config file to possibly accomplish this, but whatever works, I am all ears.

I don't think there is any native utility or tool available in Linux which can get this done. I'm not sure if rsync command can do this, but it is worth checking that. Otherwise, you might have to look out for third party tools which may fit here.