| AUDISP-STATSD(8) | System Administration Utilities | AUDISP-STATSD(8) |
NAME¶
audisp-statsd - plugin to push audit metrics to a statsd service
SYNOPSIS¶
audisp-statsd [ OPTIONS ]
DESCRIPTION¶
audisp-statsd is a plugin for the audit event dispatcher that pushes various audit metrics to a statsd service using UDP. Currently it collects the following metrics as gauges:
- backlog
- number of kernel events pending transfer to user space
- lost
- number of kernel events dropped
- free_space
- how much disk free space auditd sees in MB
- plugin_current_depth
- number of events in auditd pending transfer to plugins
- plugin_max_depth
- historical maximum number of events backlogged while pending transfer to plugins
- events_total_count
- total number of events seen during interval
- events_total_failed
- total number of events seen during interval with failed outcome
- events_avc_count
- total number of AVC events seen during interval
- events_fanotify_count
- total number of FANOTIFY events seen during interval
- events_logins_success
- total number of successful login events seen during interval
- events_logins_failed
- total number of failed login events seen during interval
- events_anamoly_count
- total number of anamoly events seen during interval
- events_response_count
- total number of anamoly response events seen during interval
FILES¶
/etc/audit/audisp-statsd.conf /etc/audit/plugins/au-statsd.conf
SEE ALSO¶
auditd.conf(8), auditd-plugins(5).
AUTHOR¶
Steve Grubb
| February 2021 | Red Hat |