audisp-statsd - Man Page
plugin to push audit metrics to a statsd service
Synopsis
audisp-statsd [ OPTIONS ]
Description
audisp-statsd is a plugin for the audit event dispatcher that pushes various audit metrics to a statsd service using UDP. Currently it collects the following metrics as gauges:
- backlog
number of kernel events pending transfer to user space
- lost
number of kernel events dropped
- free_space
free disk space that auditd sees, in MB
- plugin_current_depth
number of events in auditd pending transfer to plugins
- plugin_max_depth
historical maximum number of events backlogged while pending transfer to plugins
and the following as counters:
- events_total_count
total number of events seen during interval
- events_total_failed
total number of events seen during interval with failed outcome
- events_avc_count
total number of AVC events seen during interval
- events_fanotify_count
total number of FANOTIFY events seen during interval
- events_logins_success
total number of successful login events seen during interval
- events_logins_failed
total number of failed login events seen during interval
- events_anamoly_count
total number of anomaly events seen during interval
- events_response_count
total number of anomaly response events seen during interval
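The gauges and counters above are enough to alert on the health of the audit pipeline itself. The following is an added example, not part of this man page or the audit project: it parses statsd datagrams and flags readings that need attention. The `name:value|type` line format, the optional dotted prefix and the threshold values are assumptions.

```python
"""Added example: health checks over audisp-statsd metrics (not audit project code)."""

# Metric names are the ones listed on this page. Everything else is an assumption:
# the standard statsd line format "name:value|type", an optional dotted prefix,
# and the threshold values.

def parse_datagram(payload: bytes) -> dict:
    """Return {metric: (value, type)} from newline-separated statsd lines."""
    metrics = {}
    for line in payload.decode("ascii", errors="replace").splitlines():
        try:
            name, rest = line.strip().split(":", 1)
            value, mtype = rest.split("|")[:2]   # ignore any "|@rate" suffix
            metrics[name.rsplit(".", 1)[-1]] = (float(value), mtype)
        except ValueError:
            continue                             # skip malformed lines
    return metrics


def evaluate(metrics: dict, min_free_mb=1024, max_plugin_depth=100,
             max_failed_logins=20) -> dict:
    """Return {metric: reason} for every reading that needs attention."""
    alerts = {}
    value = lambda name: metrics[name][0] if name in metrics else None

    if (value("lost") or 0) > 0:
        alerts["lost"] = "kernel dropped events: the audit trail has gaps"
    free = value("free_space")
    if free is not None and free < min_free_mb:
        alerts["free_space"] = f"only {free:.0f} MB left for audit logs"
    if (value("plugin_current_depth") or 0) > max_plugin_depth:
        alerts["plugin_current_depth"] = "plugins are not keeping up with auditd"
    if (value("events_logins_failed") or 0) > max_failed_logins:
        alerts["events_logins_failed"] = "failed logins above threshold this interval"
    return alerts


# Constructed sample datagram (not captured from a real system).
SAMPLE = (b"backlog:0|g\nlost:12|g\nfree_space:512|g\n"
          b"plugin_current_depth:3|g\nplugin_max_depth:40|g\n"
          b"events_total_count:900|c\nevents_logins_failed:35|c\nbogus line\n")

if __name__ == "__main__":
    for metric, reason in evaluate(parse_datagram(SAMPLE)).items():
        print(f"ALERT {metric}: {reason}")
```
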
Files
/etc/audit/audisp-statsd.conf
/etc/audit/plugins/au-statsd.conf
See Also
auditd.conf(8), auditd-plugins(5).
Author
Steve Grubb