Audit Conf files parsers

The auditd.conf file is a standard key = value file with hash comments. Active settings are provided using the get_active_settings_value method or by using the dictionary contains functionality.

The audispd.conf file has the same format and usage with auditd.conf.


For Red Hat Enterprise Linux 7 and older, auditd and audispd are separate processes. Starting with Red Hat Enterprise Linux 8 the functionality of audispd has been migrated to auditd.

AuditdConf - file /etc/audit/auditd.conf

AudispdConf - file /etc/audisp/audispd.conf


>>> conf = shared[AuditdConf]
>>> conf.get_active_setting_value('log_group')
>>> 'log_file' in conf
class insights.parsers.auditd_conf.AudispdConf(*args, **kwargs)[source]

Bases: insights.parsers.auditd_conf.AuditConfParser

class insights.parsers.auditd_conf.AuditConfParser(*args, **kwargs)[source]

Bases: insights.core.Parser

A parser for accessing plain “key=value” configuration files, eg: /etc/audit/auditd.conf.


Access active setting value by setting name.

Parameters:setting_name (string) -- Setting name

Main parsing class method which stores all interesting data from the content.

Parameters:content (context.content) -- Parser context content
class insights.parsers.auditd_conf.AuditdConf(*args, **kwargs)[source]

Bases: insights.parsers.auditd_conf.AuditConfParser