[Aide] Query over report_url=syslog:<some_path>

Hannes von Haugwitz hannes at vonhaugwitz.com
Tue Jan 19 22:19:10 EET 2021


Hi,

On Mon, Jan 18, 2021 at 05:34:36PM +0000, Fisher, Philip wrote:
> My query is that I am using in aide.conf:
>
> report_url=file:<some pathname>
> report_url=syslog:LOCAL6

The `report_url=syslog:<FACILITY>` syntax is currently not supported in
AIDE upstream. Please check if the binary you are using is patched.

> Now the reason for wanting the syslog capability to work is so that
> each line has a good log timestamp.  Our log scraping facility will
> remotely copy the file elsewhere for analysis/archive.  As far as I
> know, AIDE does not timestamp (in 0.14) any lines or AIDE runs.

There are some feature requests regarding log format (for example
#41[0]). Feel free to leave a comment there.

> Our current version on RHEL6 is 0.14 and due to current project
> constraints this is not likely to change soon.  While accepting this
> is an OLD version of AIDE, and NOT maintained anymore I assume, can
> the expert(s) clarify:

AIDE 0.14 was released 10 years ago, so you should definitely
consider an upgrade to the latest AIDE release (AIDE 0.17 is to be
released soon).

Best regards

Hannes

[0] https://github.com/aide/aide/issues/41

