Centralised Log monitoring

Hi,

I have a number of hosts where audit logs are enabled. I want to monitor those audit logs per host in Foreman. Is that possible? If yes, how can I monitor them?
Thanks in advance…

It’s a bit hard to understand what you mean by audit logs on a host and what you would like to monitor.
Could you please be more specific?

Hi,

Let’s say I installed auditd and configured it with rules, and now logs are being written to /var/log/audit.log on the hosts. How do I get that audit.log file per host and see the logs in Foreman?

Hello, the audit daemon in RHEL uses the regular logging capabilities, that is journald and syslog. If you want these to appear in Foreman (syslog), then simply configure the syslog daemon to listen on the network and syslog on your hosts to send all audit logs over the wire.

If you want those audit lines to appear in Foreman audits (UI/CLI/API), however, we don’t have a way to put them into the database, unfortunately. You can write a plugin or a simple process and put them into the database; it’s just a few tables.

On a similar note, I am just finishing centralised logging via Rsyslog and Elasticsearch; I am putting the link here for the record: https://github.com/lzap/foreman-elasticsearch
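As an added illustration of the "simple process" suggested in the reply above (this is example code written for this thread, not Foreman's own code or a Foreman plugin), the script below parses auditd records that have been forwarded to a central syslog collector, groups them per sending host, and loads them into a small SQLite table. It assumes the hosts forward audit records through the audispd syslog plugin so each line carries a syslog header with the hostname; the `audit_events` table schema is hypothetical and is not Foreman's audit schema. The sample lines are constructed for the example.

```python
import json
import re
import sqlite3
from collections import defaultdict

# Constructed sample input: audit records as they arrive on a central rsyslog
# collector ("<timestamp> <hostname> <tag>: <audit record>"). These lines are
# made up for this example and were not taken from a real host.
SAMPLE_LINES = [
    "Jan 12 10:01:02 web01 audispd: type=USER_LOGIN msg=audit(1705053662.101:201): "
    "pid=3110 uid=0 auid=1000 ses=7 msg='op=login id=1000 exe=\"/usr/sbin/sshd\" "
    "hostname=? addr=192.0.2.10 terminal=ssh res=success'",
    "Jan 12 10:01:05 web01 audispd: type=SYSCALL msg=audit(1705053665.555:202): "
    "arch=c000003e syscall=257 success=yes exit=3 items=1 ppid=3110 pid=3120 "
    "auid=1000 uid=1000 gid=1000 comm=\"cat\" exe=\"/usr/bin/cat\" key=\"etc-passwd\"",
    "Jan 12 10:02:17 db02 audispd: type=USER_LOGIN msg=audit(1705053737.900:87): "
    "pid=900 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct=\"root\" "
    "exe=\"/usr/sbin/sshd\" hostname=? addr=198.51.100.7 terminal=ssh res=failed'",
    "Jan 12 10:02:18 db02 rsyslogd: not an audit record, must be ignored",
]

# Syslog header, then the audit record which always starts with "type=".
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s(?P<host>\S+)\s(?P<tag>[^:]+):\s(?P<body>type=.*)$"
)
# Audit record header: type, then msg=audit(<epoch>:<serial>): followed by fields.
HEADER_RE = re.compile(
    r"^type=(?P<type>\S+)\smsg=audit\((?P<epoch>[\d.]+):(?P<serial>\d+)\):\s(?P<fields>.*)$"
)
# key=value pairs; values may be double-quoted, single-quoted or bare.
KV_RE = re.compile(r"(\w+)=(\"[^\"]*\"|'[^']*'|\S+)")

# Hypothetical table, not Foreman's audit tables. The UNIQUE constraint makes
# re-ingesting the same (retransmitted) records a no-op.
SCHEMA = """CREATE TABLE IF NOT EXISTS audit_events (
    host TEXT NOT NULL, event_type TEXT NOT NULL, epoch REAL NOT NULL,
    serial INTEGER NOT NULL, auid TEXT, exe TEXT, result TEXT, raw_fields TEXT,
    UNIQUE (host, epoch, serial))"""


def parse_fields(text):
    """Turn 'k=v k2="v2" msg=\\'inner=x\\'' into a dict, flattening the nested msg."""
    out = {}
    for key, val in KV_RE.findall(text):
        if len(val) >= 2 and val[0] in "\"'" and val[-1] == val[0]:
            val = val[1:-1]
        out[key] = val
    inner = out.pop("msg", None)  # USER_* records nest more fields in msg='...'
    if inner:
        for k, v in parse_fields(inner).items():
            out.setdefault(k, v)  # outer fields (uid, pid, ...) take precedence
    return out


def parse_audit_line(line):
    """Return a structured record for a forwarded audit line, or None if it is not one."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    h = HEADER_RE.match(m["body"])
    if not h:
        return None
    return {
        "host": m["host"],
        "type": h["type"],
        "epoch": float(h["epoch"]),
        "serial": int(h["serial"]),
        "fields": parse_fields(h["fields"]),
    }


def group_by_host(lines):
    """Group parsed audit records by the hostname in the syslog header."""
    by_host = defaultdict(list)
    for line in lines:
        rec = parse_audit_line(line)
        if rec:
            by_host[rec["host"]].append(rec)
    return dict(by_host)


def load_into_db(by_host, conn):
    """Insert records into the audit_events table; returns the number of new rows."""
    conn.execute(SCHEMA)
    before = conn.total_changes
    for host, records in by_host.items():
        for r in records:
            f = r["fields"]
            conn.execute(
                "INSERT OR IGNORE INTO audit_events VALUES (?,?,?,?,?,?,?,?)",
                (host, r["type"], r["epoch"], r["serial"],
                 f.get("auid"), f.get("exe"), f.get("res"), json.dumps(f)),
            )
    conn.commit()
    return conn.total_changes - before  # ignored duplicates are not counted


def failed_logins_per_host(conn):
    """A per-host view a reviewer would want: failed USER_LOGIN events by host."""
    cur = conn.execute(
        "SELECT host, COUNT(*) FROM audit_events "
        "WHERE event_type = 'USER_LOGIN' AND result = 'failed' GROUP BY host ORDER BY host"
    )
    return cur.fetchall()


def summarise(lines):
    """Parse, load twice (showing ingestion is idempotent) and report per host."""
    by_host = group_by_host(lines)
    conn = sqlite3.connect(":memory:")
    inserted = load_into_db(by_host, conn)
    reloaded = load_into_db(by_host, conn)
    return {
        "events_per_host": {h: len(r) for h, r in by_host.items()},
        "inserted": inserted,
        "reloaded": reloaded,
        "failed_logins": failed_logins_per_host(conn),
    }


if __name__ == "__main__":
    print(summarise(SAMPLE_LINES))
```

In production the parser would read from the collector's spool or a queue rather than a fixed list, and the insert target would be whichever tables the process is meant to feed; the per-host key comes for free from the syslog header, which is why forwarding through syslog is the simplest way to get host attribution.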