audisp-statsd - Man Page

plugin to push audit metrics to a statsd service

Synopsis

audisp-statsd [ OPTIONS ]

Description

audisp-statsd is a plugin for the audit event dispatcher that pushes various audit metrics to a statsd service using UDP. Currently it collects the following metrics as gauges:

backlog

number of kernel events pending transfer to user space

lost

number of kernel events dropped

free_space

how much disk free space auditd sees in MB

plugin_current_depth

number of events in auditd pending transfer to plugins

plugin_max_depth

historical maximum number of events backlogged while pending transfer to plugins

It also collects the following metrics as counters:

events_total_count

total number of events seen during interval

events_total_failed

total number of events seen during interval with failed outcome

events_avc_count

total number of AVC events seen during interval

events_fanotify_count

total number of FANOTIFY events seen during interval

events_logins_success

total number of successful login events seen during interval

events_logins_failed

total number of failed login events seen during interval

events_anamoly_count

total number of anomaly events seen during interval

events_response_count

total number of anomaly response events seen during interval
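
The following is an added example, not part of audisp-statsd or the audit project: a Python consumer that parses statsd payloads carrying the metrics listed above and flags conditions that point to gaps in the audit trail. It assumes the common newline-separated statsd line format "name:value|type", metric names on the wire exactly as listed on this page, a "lost" gauge that reports a running total, and illustrative thresholds.

```python
# Added example, not audisp-statsd code. Assumptions: newline-separated statsd
# lines "name:value|type", metric names exactly as listed on this page, "lost"
# reported as a running total, and illustrative thresholds.
TYPES = dict.fromkeys(("backlog", "lost", "free_space", "plugin_current_depth",
                       "plugin_max_depth"), "g")
TYPES.update(dict.fromkeys(("events_total_count", "events_total_failed",
                            "events_avc_count", "events_fanotify_count",
                            "events_logins_success", "events_logins_failed",
                            "events_anamoly_count", "events_response_count"), "c"))


def parse_datagram(payload: bytes) -> dict:
    """Parse one UDP payload into {name: value}; malformed lines are skipped."""
    metrics = {}
    for line in payload.decode("ascii", errors="replace").splitlines():
        name, colon, rest = line.strip().partition(":")
        value, bar, mtype = rest.partition("|")
        # Accept only known metrics carrying the type this page documents.
        if colon and bar and value.isdigit() and TYPES.get(name) == mtype:
            metrics[name] = int(value)
    return metrics


def evaluate(prev: dict, cur: dict, backlog_limit=8192, min_free_mb=500,
             max_failed_logins=10) -> list:
    """Compare two consecutive samples; return findings worth triaging."""
    findings = []
    if cur.get("lost", 0) > prev.get("lost", 0):
        findings.append("kernel dropped audit events: lost %d -> %d"
                        % (prev.get("lost", 0), cur["lost"]))
    if cur.get("backlog", 0) >= 0.8 * backlog_limit:
        findings.append("backlog %d is near the assumed limit of %d"
                        % (cur["backlog"], backlog_limit))
    if cur.get("free_space", min_free_mb) < min_free_mb:
        findings.append("only %d MB free for audit logs" % cur["free_space"])
    if cur.get("events_logins_failed", 0) > max_failed_logins:
        findings.append("%d failed logins in one interval"
                        % cur["events_logins_failed"])
    return findings


# Constructed sample payloads for two consecutive reporting intervals.
SAMPLE_1 = b"backlog:12|g\nlost:0|g\nfree_space:20480|g\nevents_logins_failed:1|c\n"
SAMPLE_2 = (b"backlog:7900|g\nlost:340|g\nfree_space:310|g\n"
            b"events_logins_failed:42|c\nevents_total_count:oops|c\n")

if __name__ == "__main__":
    for finding in evaluate(parse_datagram(SAMPLE_1), parse_datagram(SAMPLE_2)):
        print("ALERT:", finding)
```

In a deployment, pass parse_datagram the bytes returned by recvfrom on the UDP socket that receives the plugin's traffic.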

Files

/etc/audit/audisp-statsd.conf

/etc/audit/plugins/au-statsd.conf

See Also

auditd.conf(8), auditd-plugins(5).

Author

Steve Grubb

Info

February 2021 Red Hat System Administration Utilities