[tac_plus] Anyway to format the .acct file or have it log to syslog?
Matt Almgren
matta at surveymonkey.com
Wed Aug 22 00:03:30 UTC 2018
We are trying to ship the tac_plus.acct log files into our SIEM, but it seems that it can’t handle the non-syslog format of the file. Is there anyway to get the .acct file to log into syslog? I have tried changing this var in the config file “accounting file = /var/log/tacacs/tac_plus.acct” to point to /var/log/syslog, but it still logs to the .acct file and seems to ignore that entry.
Or does anyone know of a script that will run in the background and covert the .acct file into a syslog format? That way our SIEM log importer will recognize it and hopefully pickup on it .
Thanks, Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20180822/0fba6215/attachment.html>
More information about the tac_plus
mailing list