commit cdceef0412c875e07fa1219f19bc448f8ab458a0
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue May 14 13:24:59 2019 +0200
Add rsyslog-audit.conf.default
.../base/files/rsyslog/rsyslog-audit.conf.default | 13 +++++++++++++
1 files changed, 13 insertions(+), 0 deletions(-)
---
diff --git a/roles/base/files/rsyslog/rsyslog-audit.conf.default
b/roles/base/files/rsyslog/rsyslog-audit.conf.default
new file mode 100644
index 0000000..185f376
--- /dev/null
+++ b/roles/base/files/rsyslog/rsyslog-audit.conf.default
@@ -0,0 +1,13 @@
+# monitor auditd log and send out over local6 to central loghost
+$ModLoad imfile.so
+
+# auditd audit.log
+$InputFileName /var/log/audit/audit.log
+$InputFileTag tag_audit_log:
+$InputFileStateFile audit_log
+$InputFileSeverity info
+$InputFileFacility local6
+$InputRunFileMonitor
+
+:msg, !contains, "type=AVC"
+local6.* @@log01:514
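Review bot: The forwarding action on the last line, `local6.* @@log01:514`, sends auditd records over plain TCP with no TLS and no action queue, so the records can be read or altered in transit, and they may be lost or stall the sender while log01 is unreachable. If the central loghost supports it, configure the gtls netstream driver for this action, and put a disk-assisted queue ahead of it, e.g. `$ActionQueueType LinkedList`, `$ActionQueueFileName audit_fwd`, `$ActionResumeRetryCount -1`. The filter `:msg, !contains, "type=AVC"` sits on its own line with no action, so it is unclear from the file whether it is meant to keep AVC records off the loghost or has no effect. A comment stating the intent would help, because dropping SELinux denials from the central copy reduces detection coverage. Note also that `local6.*` matches anything else on the host that logs to local6, not only lines tagged `tag_audit_log:`.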