Configure remote logging for auditd

Configure remote logging for auditd

Note

This feature is available starting from the MCP 2019.2.6 maintenance update. Before using the feature, follow the steps described in Apply maintenance updates.

This section instructs you on how to configure remote logging for auditd.

To configure remote logging for auditd:

  1. Log in to the Salt Master node.

  2. In the classes/cluster/<cluster_name>/ directory, open one of the following files:

    • To configure one remote host for auditd for all nodes, use infra/init.yml.

    • To configure a remote host for a set of nodes, use a specific configuration file. For example, openstack/compute/init.yml for all OpenStack compute nodes.

  3. Configure the remote host using the following exemplary pillar:

    parameters:
      audisp:
        enabled: true
        remote:
          remote_server: <ip_address or hostname>
          port: <port>
          local_port: any
          transport: tcp
          ...
          key1: value1
    
  4. Refresh pillars on the target nodes:

    salt <nodes> saltutil.refresh_pillar
    
  5. Apply the auditd.audisp state on the target nodes:

    salt <nodes> state.apply auditd.audisp