The rsyslog rules for SIMP's aide module specify an input rule AFTER the remote (forwarding) rule. This ordering results in:
- the logs not being forwarded to remote syslog servers
- the logs being duplicated on the local machine
To fix this behavior, the following needs to be done:
- The 'aide_log' and 'aide_report' rsyslog::rule::other rules need to be changed to rsyslog::rule::data_source
- Local drop rules for this data need to be created, using rsyslog::rule::local with content parameter being introduced with
Although local logs are duplicated, it may be the case that the AIDE reports are overwritten each time AIDE runs, not appended. If that is the case, the local syslog messages should be retained. Need to check how AIDE is configured.