[Aide] Query over report_url=syslog:<some_path>

Fisher, Philip phil.fisher at dxc.com
Wed Jan 20 12:51:50 EET 2021


Hi Hannes

Thanks for responding.

Your response implies to me that AIDE has never got the report_url=syslog:<FACILITY> to work correctly and therefore it remains unsupported.  Is this correct?  If someone was to look at "enabling" this option, would that be of interest or is the feeling of you experts that it is not feasible (rather than not necessary)?

I have since also tried our config on a V0.15/RHEL7 system and that seems to exhibit similar behaviour (and therefore ties in with your responses).

Regards
Phil

--
Phil J Fisher
-----Original Message-----
From: Aide <aide-bounces at ipi.fi> On Behalf Of aide-request at ipi.fi
Sent: 20 January 2021 10:00
To: aide at ipi.fi
Subject: Aide Digest, Vol 33, Issue 2

Message: 1
Date: Tue, 19 Jan 2021 21:19:10 +0100
From: Hannes von Haugwitz <hannes at vonhaugwitz.com>
To: Aide user mailinglist <aide at ipi.fi>
Subject: Re: [Aide] Query over report_url=syslog:<some_path>
Message-ID: <20210119201910.GB1431240 at sulfur.vonhaugwitz.com>
Content-Type: text/plain; charset=us-ascii

Hi,

On Mon, Jan 18, 2021 at 05:34:36PM +0000, Fisher, Philip wrote:
> My query is that I am using in aide.conf:
>
> report_url=file:<some pathname>
> report_url=syslog:LOCAL6

The `report_url=syslog:<FACILITY>` syntax is currently not supported in
AIDE upstream. Please check if the binary you are using is patched.

> Now the reason for wanting the syslog capability to work is so that
> each line has a good log timestamp.  Our log scraping facility will
> remotely copy the file elsewhere for analysis/archive.  As far as I
> know, AIDE does not timestamp (in 0.14) any lines or AIDE runs.

There are some feature requests regarding log format (for example
#41[0]). Feel free to leave a comment there.

> Our current version on RHEL6 is 0.14 and due to current project
> constraints this is not likely to change soon.  While accepting this
> is an OLD version of AIDE, and NOT maintained anymore I assume, can
> the expert(s) clarify:

AIDE 0.14 was released 10 years ago, so you should definitely
consider an upgrade to the latest AIDE release (AIDE 0.17 is to be
released soon).

Best regards

Hannes

[0] https://github.com/aide/aide/issues/41

